From 686ac4e2e15ee15ff7b29c4aa8c89ed968dca911 Mon Sep 17 00:00:00 2001 From: Gavin Albantow Date: Fri, 9 Feb 2024 23:58:05 +1100 Subject: [PATCH 1/7] Update resources to add publicNetworkAccess property --- .../logic/logic_app_standard_resource.go | 23 ++++++++++++++++++- .../web/mgmt/2021-02-01/web/models.go | 10 ++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/internal/services/logic/logic_app_standard_resource.go b/internal/services/logic/logic_app_standard_resource.go index 0c29d3383e6f..b2f3fea7a81e 100644 --- a/internal/services/logic/logic_app_standard_resource.go +++ b/internal/services/logic/logic_app_standard_resource.go @@ -115,6 +115,12 @@ func resourceLogicAppStandard() *pluginsdk.Resource { "identity": commonschema.SystemAssignedUserAssignedIdentityOptional(), + "public_network_access_enabled": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: true, + }, + "site_config": schemaLogicAppStandardSiteConfig(), "connection_string": { @@ -294,6 +300,7 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{}) clientCertMode := d.Get("client_certificate_mode").(string) clientCertEnabled := clientCertMode != "" httpsOnly := d.Get("https_only").(bool) + publicNetworkAccess := d.Get("public_network_access_enabled").(bool) location := azure.NormalizeLocation(d.Get("location").(string)) VirtualNetworkSubnetID := d.Get("virtual_network_subnet_id").(string) t := d.Get("tags").(map[string]interface{}) @@ -303,6 +310,11 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{}) return err } + pna := helpers.PublicNetworkAccessEnabled + if !publicNetworkAccess { + pna = helpers.PublicNetworkAccessDisabled + } + siteConfig, err := expandLogicAppStandardSiteConfig(d) if err != nil { return fmt.Errorf("expanding `site_config`: %+v", err) 
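Review bot: The new top-level `public_network_access_enabled` in the schema hunk has `Default: true`, so a configuration that never mentions it still sends `PublicNetworkAccess: "Enabled"` in the site properties on create and update. The test file later in this series checks `site_config.0.public_network_access_enabled`, so the resource already exposes a setting for the same control, and nothing visible in these hunks reconciles the two. A user who disabled public access only under `site_config` could end up with a request that carries both values, and this page does not show which one the service honours. Consider a plan-time check that rejects configurations where the two disagree, and a comment on the schema entry such as `// must agree with site_config.0.public_network_access_enabled; defaults to publicly reachable`. The enclosing functions start and end outside these hunks.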
@@ -318,7 +330,7 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{}) appSettings = append(appSettings, basicAppSettings...) siteConfig.AppSettings = &appSettings - + siteEnvelope := web.Site{ Kind: &kind, Location: &location, @@ -329,6 +341,7 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{}) ClientAffinityEnabled: utils.Bool(clientAffinityEnabled), ClientCertEnabled: utils.Bool(clientCertEnabled), HTTPSOnly: utils.Bool(httpsOnly), + PublicNetworkAccess: utils.String(pna), SiteConfig: &siteConfig, }, } @@ -386,6 +399,7 @@ func resourceLogicAppStandardUpdate(d *pluginsdk.ResourceData, meta interface{}) clientCertMode := d.Get("client_certificate_mode").(string) clientCertEnabled := clientCertMode != "" httpsOnly := d.Get("https_only").(bool) + publicNetworkAccess := d.Get("public_network_access_enabled").(bool) t := d.Get("tags").(map[string]interface{}) basicAppSettings, err := getBasicLogicAppSettings(d, *storageAccountDomainSuffix) @@ -393,6 +407,11 @@ func resourceLogicAppStandardUpdate(d *pluginsdk.ResourceData, meta interface{}) return err } + pna := helpers.PublicNetworkAccessEnabled + if !publicNetworkAccess { + pna = helpers.PublicNetworkAccessDisabled + } + siteConfig, err := expandLogicAppStandardSiteConfig(d) if err != nil { return fmt.Errorf("expanding `site_config`: %+v", err) @@ -427,6 +446,7 @@ func resourceLogicAppStandardUpdate(d *pluginsdk.ResourceData, meta interface{}) ClientAffinityEnabled: utils.Bool(clientAffinityEnabled), ClientCertEnabled: utils.Bool(clientCertEnabled), HTTPSOnly: utils.Bool(httpsOnly), + PublicNetworkAccess: utils.String(pna), SiteConfig: &siteConfig, }, } 
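Review bot: The bool-to-string mapping for `pna` in the update hunk is a copy of the block added to `resourceLogicAppStandardCreate`, so the two copies of a network-exposure setting can drift apart in a later edit. A single helper used by both envelopes keeps the mapping in one place and gives it a doc comment. Both function bodies continue outside the hunks, so the sketch below only shows the helper and the call site.

```go
// expandLogicAppStandardPublicNetworkAccess maps the schema bool onto the
// string value the API expects for publicNetworkAccess.
func expandLogicAppStandardPublicNetworkAccess(enabled bool) *string {
	if enabled {
		return utils.String(helpers.PublicNetworkAccessEnabled)
	}
	return utils.String(helpers.PublicNetworkAccessDisabled)
}

// … unchanged: rest of the web.SiteProperties literal in create and update …
PublicNetworkAccess: expandLogicAppStandardPublicNetworkAccess(d.Get("public_network_access_enabled").(bool)),
```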
@@ -561,6 +581,7 @@ func resourceLogicAppStandardRead(d *pluginsdk.ResourceData, meta interface{}) e d.Set("client_affinity_enabled", props.ClientAffinityEnabled) d.Set("custom_domain_verification_id", props.CustomDomainVerificationID) d.Set("virtual_network_subnet_id", props.VirtualNetworkSubnetID) + d.Set("public_network_access_enabled", props.PublicNetworkAccess) clientCertMode := "" if props.ClientCertEnabled != nil && *props.ClientCertEnabled { diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go b/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go index e3deb815db42..7805b625a53a 100644 --- a/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/web/mgmt/2021-02-01/web/models.go @@ -24464,6 +24464,8 @@ type SitePatchResourceProperties struct { // VirtualNetworkSubnetID - Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. // This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} VirtualNetworkSubnetID *string `json:"virtualNetworkSubnetId,omitempty"` + // PublicNetworkAccess - Property to allow or block all public traffic. + PublicNetworkAccess *string `json:"publicNetworkAccess,omitempty"` } // MarshalJSON is the custom marshaler for SitePatchResourceProperties. @@ -24538,6 +24540,9 @@ func (spr SitePatchResourceProperties) MarshalJSON() ([]byte, error) { if spr.VirtualNetworkSubnetID != nil { objectMap["virtualNetworkSubnetId"] = spr.VirtualNetworkSubnetID } + if spr.PublicNetworkAccess != nil { + objectMap["publicNetworkAccess"] = spr.PublicNetworkAccess + } return json.Marshal(objectMap) } 
@@ -24732,6 +24737,8 @@ type SiteProperties struct { // VirtualNetworkSubnetID - Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. // This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName} VirtualNetworkSubnetID *string `json:"virtualNetworkSubnetId,omitempty"` + // PublicNetworkAccess - Property to allow or block all public traffic. + PublicNetworkAccess *string `json:"publicNetworkAccess,omitempty"` } // MarshalJSON is the custom marshaler for SiteProperties. @@ -24806,6 +24813,9 @@ func (s SiteProperties) MarshalJSON() ([]byte, error) { if s.VirtualNetworkSubnetID != nil { objectMap["virtualNetworkSubnetId"] = s.VirtualNetworkSubnetID } + if s.PublicNetworkAccess != nil { + objectMap["publicNetworkAccess"] = s.PublicNetworkAccess + } return json.Marshal(objectMap) } From f082bc21ee3fe9ec3542986f2eb85410ba685dd3 Mon Sep 17 00:00:00 2001 From: Gavin Albantow <16983537+galbantow@users.noreply.github.com> Date: Sat, 10 Feb 2024 00:14:01 +1100 Subject: [PATCH 2/7] Update resources to add publicNetworkAccess property --- .../logic/logic_app_standard_resource_test.go | 49 ++++++++++++++++++- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/internal/services/logic/logic_app_standard_resource_test.go b/internal/services/logic/logic_app_standard_resource_test.go index 3725a7798af7..f1948e1aeb10 100644 --- a/internal/services/logic/logic_app_standard_resource_test.go +++ b/internal/services/logic/logic_app_standard_resource_test.go @@ -872,7 +872,7 @@ func TestAccLogicAppStandard_vNetIntegrationUpdate(t *testing.T) { }) } -func TestAccLogicAppStandard_publicNetworkAccessEnabled(t *testing.T) { +func TestAccLogicAppStandard_siteConfig_publicNetworkAccessEnabled(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_logic_app_standard", "test") r := LogicAppStandardResource{} 
@@ -896,6 +896,30 @@ func TestAccLogicAppStandard_publicNetworkAccessEnabled(t *testing.T) { }) } +func TestAccLogicAppStandard_publicNetworkAccessEnabled(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_logic_app_standard", "test") + r := LogicAppStandardResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.publicNetworkAccessEnabled(data, false), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("public_network_access_enabled").HasValue("false"), + ), + }, + data.ImportStep(), + { + Config: r.publicNetworkAccessEnabled(data, true), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("public_network_access_enabled").HasValue("true"), + ), + }, + data.ImportStep(), + }) +} + func (r LogicAppStandardResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := parse.LogicAppStandardID(state.ID) if err != nil { @@ -2205,7 +2229,7 @@ resource "azurerm_logic_app_standard" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomString) } -func (r LogicAppStandardResource) publicNetworkAccessEnabled(data acceptance.TestData, enabled bool) string { +func (r LogicAppStandardResource) publicNetworkAccessEnabled_siteConfig(data acceptance.TestData, enabled bool) string { return fmt.Sprintf(` provider "azurerm" { features {} 
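Review bot: The new `TestAccLogicAppStandard_publicNetworkAccessEnabled` only sets the property explicitly to `false` and then `true`, so the default path is never exercised. A step that omits `public_network_access_enabled` and asserts the resulting state would pin the documented default. Another test that sets the top-level property and `site_config.0.public_network_access_enabled` to different values would show which one takes effect. The checks also read only Terraform state through `Key(...).HasValue(...)`, so they depend on the read function mapping the API string correctly and would not catch a mismatch between state and the deployed site.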
@@ -2227,3 +2251,24 @@ resource "azurerm_logic_app_standard" "test" { } `, r.template(data), data.RandomInteger, enabled) } + +func (r LogicAppStandardResource) publicNetworkAccessEnabled(data acceptance.TestData, enabled bool) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_logic_app_standard" "test" { + name = "acctest-%d-func" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + app_service_plan_id = azurerm_app_service_plan.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + public_network_access_enabled = %t + +} +`, r.template(data), data.RandomInteger, enabled) +} From b245162fc8e6e5015b7baddf637aeb4c514d0d24 Mon Sep 17 00:00:00 2001 From: Gavin Albantow <16983537+galbantow@users.noreply.github.com> Date: Sat, 10 Feb 2024 00:25:43 +1100 Subject: [PATCH 3/7] Update Doco --- website/docs/r/logic_app_standard.html.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/r/logic_app_standard.html.markdown b/website/docs/r/logic_app_standard.html.markdown index cc48914bac5a..d877f7160993 100644 --- a/website/docs/r/logic_app_standard.html.markdown +++ b/website/docs/r/logic_app_standard.html.markdown @@ -139,6 +139,8 @@ The following arguments are supported: * `identity` - (Optional) An `identity` block as defined below. +* `public_network_access_enabled` - (Optional) Is public network access enabled? Defaults to `true`. + * `site_config` - (Optional) A `site_config` object as defined below. * `storage_account_name` - (Required) The backend storage account name which will be used by this Logic App (e.g. for Stateful workflows data). Changing this forces a new resource to be created. From f7696547dd44411a2fdc8616cd5138cd5d093e25 Mon Sep 17 00:00:00 2001 
From: Gavin Albantow <16983537+galbantow@users.noreply.github.com> Date: Sat, 10 Feb 2024 08:07:18 +1100 Subject: [PATCH 4/7] Fix formatting --- internal/services/logic/logic_app_standard_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/logic/logic_app_standard_resource.go b/internal/services/logic/logic_app_standard_resource.go index b2f3fea7a81e..b7e895b97a3c 100644 --- a/internal/services/logic/logic_app_standard_resource.go +++ b/internal/services/logic/logic_app_standard_resource.go @@ -330,7 +330,7 @@ func resourceLogicAppStandardCreate(d *pluginsdk.ResourceData, meta interface{}) appSettings = append(appSettings, basicAppSettings...) siteConfig.AppSettings = &appSettings - + siteEnvelope := web.Site{ Kind: &kind, Location: &location, From 530b63122d6f2e8d2a662bf9569941f95f50712f Mon Sep 17 00:00:00 2001 From: Gavin Albantow <16983537+galbantow@users.noreply.github.com> Date: Tue, 13 Feb 2024 07:47:47 +1100 Subject: [PATCH 5/7] Fix unit tests --- internal/services/logic/logic_app_standard_resource_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/services/logic/logic_app_standard_resource_test.go b/internal/services/logic/logic_app_standard_resource_test.go index f1948e1aeb10..8cd056519612 100644 --- a/internal/services/logic/logic_app_standard_resource_test.go +++ b/internal/services/logic/logic_app_standard_resource_test.go @@ -878,7 +878,7 @@ func TestAccLogicAppStandard_siteConfig_publicNetworkAccessEnabled(t *testing.T) data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.publicNetworkAccessEnabled(data, false), + Config: r.publicNetworkAccessEnabled_siteConfig(data, false), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("site_config.0.public_network_access_enabled").HasValue("false"), 
@@ -886,7 +886,7 @@ func TestAccLogicAppStandard_siteConfig_publicNetworkAccessEnabled(t *testing.T) }, data.ImportStep(), { - Config: r.publicNetworkAccessEnabled(data, true), + Config: r.publicNetworkAccessEnabled_siteConfig(data, true), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("site_config.0.public_network_access_enabled").HasValue("true"), From b7e1a5fc102ad6edca469ec9fbcfcb83ae0ae7ca Mon Sep 17 00:00:00 2001 From: Gavin Albantow <16983537+galbantow@users.noreply.github.com> Date: Tue, 13 Feb 2024 07:56:55 +1100 Subject: [PATCH 6/7] Fix unit tests --- .../logic/logic_app_standard_resource_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/services/logic/logic_app_standard_resource_test.go b/internal/services/logic/logic_app_standard_resource_test.go index 8cd056519612..23e0a43ff780 100644 --- a/internal/services/logic/logic_app_standard_resource_test.go +++ b/internal/services/logic/logic_app_standard_resource_test.go @@ -2261,12 +2261,12 @@ provider "azurerm" { %s resource "azurerm_logic_app_standard" "test" { - name = "acctest-%d-func" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - app_service_plan_id = azurerm_app_service_plan.test.id - storage_account_name = azurerm_storage_account.test.name - storage_account_access_key = azurerm_storage_account.test.primary_access_key + name = "acctest-%d-func" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + app_service_plan_id = azurerm_app_service_plan.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key public_network_access_enabled = %t } From 69318302e5dfc7aafa0aa093993c4998689e2f12 Mon Sep 17 00:00:00 2001 
From: Gavin Albantow Date: Fri, 16 Feb 2024 07:49:48 +1100 Subject: [PATCH 7/7] Update internal/services/logic/logic_app_standard_resource.go Co-authored-by: kt --- internal/services/logic/logic_app_standard_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/logic/logic_app_standard_resource.go b/internal/services/logic/logic_app_standard_resource.go index b7e895b97a3c..a32e16df7e25 100644 --- a/internal/services/logic/logic_app_standard_resource.go +++ b/internal/services/logic/logic_app_standard_resource.go @@ -581,7 +581,7 @@ func resourceLogicAppStandardRead(d *pluginsdk.ResourceData, meta interface{}) e d.Set("client_affinity_enabled", props.ClientAffinityEnabled) d.Set("custom_domain_verification_id", props.CustomDomainVerificationID) d.Set("virtual_network_subnet_id", props.VirtualNetworkSubnetID) - d.Set("public_network_access_enabled", props.PublicNetworkAccess) + d.Set("public_network_access_enabled", props.PublicNetworkAccess == helpers.PublicNetworkAccessEnabled ) clientCertMode := "" if props.ClientCertEnabled != nil && *props.ClientCertEnabled {
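Review bot: The replacement line compares `props.PublicNetworkAccess`, which the vendored `SiteProperties` hunk in this series declares as `*string`, directly with `helpers.PublicNetworkAccessEnabled`. The create hunk passes that constant to `utils.String`, so it appears to be a plain string and the comparison is a type mismatch that should not compile. Dereference behind a nil check and decide explicitly what a missing value means, for example `pnaEnabled := props.PublicNetworkAccess == nil || *props.PublicNetworkAccess != helpers.PublicNetworkAccessDisabled` followed by `d.Set("public_network_access_enabled", pnaEnabled)`. Recording anything other than an explicit "Disabled" as enabled means state never claims the site is closed when the API did not say so. The stray space before the closing `)` will also be rewritten by gofmt, and the body of `resourceLogicAppStandardRead` continues outside the hunk.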