diff --git a/internal/services/containerapps/container_app_resource_test.go b/internal/services/containerapps/container_app_resource_test.go index 0c94934914cc..94b1cda1da32 100644 --- a/internal/services/containerapps/container_app_resource_test.go +++ b/internal/services/containerapps/container_app_resource_test.go @@ -526,6 +526,13 @@ func TestAccContainerAppResource_ipSecurityRulesUpdate(t *testing.T) { ), }, data.ImportStep(), + { + Config: r.ingressSecurityRestrictionNotIncludedCIDR(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), { Config: r.basic(data), Check: acceptance.ComposeTestCheckFunc( @@ -2487,6 +2494,43 @@ resource "azurerm_container_app" "test" { `, r.template(data), data.RandomInteger) } +func (r ContainerAppResource) ingressSecurityRestrictionNotIncludedCIDR(data acceptance.TestData) string { + return fmt.Sprintf(` +%s + +resource "azurerm_container_app" "test" { + name = "acctest-capp-%[2]d" + resource_group_name = azurerm_resource_group.test.name + container_app_environment_id = azurerm_container_app_environment.test.id + revision_mode = "Single" + + template { + container { + name = "acctest-cont-%[2]d" + image = "jackofallops/azure-containerapps-python-acctest:v0.0.1" + cpu = 0.25 + memory = "0.5Gi" + } + } + + ingress { + target_port = 5000 + ip_security_restriction { + name = "test" + description = "test" + action = "Allow" + ip_address_range = "10.1.0.0" + } + + traffic_weight { + latest_revision = true + percentage = 100 + } + } +} +`, r.template(data), data.RandomInteger) +} + func (r ContainerAppResource) scaleRulesUpdate(data acceptance.TestData) string { return fmt.Sprintf(` %s diff --git a/internal/services/containerapps/helpers/container_apps.go b/internal/services/containerapps/helpers/container_apps.go index 707bcf28ac41..c516c022a7f3 100644 --- a/internal/services/containerapps/helpers/container_apps.go +++ b/internal/services/containerapps/helpers/container_apps.go @@ -484,8 +484,8 @@ func ContainerAppIngressIpSecurityRestriction() *pluginsdk.Schema { "ip_address_range": { Type: pluginsdk.TypeString, Required: true, - ValidateFunc: validation.IsCIDR, - Description: "CIDR notation to match incoming IP address.", + ValidateFunc: validation.Any(validation.IsCIDR, validation.IsIPAddress), + Description: "The incoming IP address or range of IP addresses (in CIDR notation).", }, "name": { diff --git a/website/docs/r/container_app.html.markdown b/website/docs/r/container_app.html.markdown index 71b094be586c..348e965dbb0e 100644 --- a/website/docs/r/container_app.html.markdown +++ b/website/docs/r/container_app.html.markdown @@ -413,7 +413,7 @@ A `ip_security_restriction` block supports the following: * `description` - (Optional) Describe the IP restriction rule that is being sent to the container-app. -* `ip_address_range` - (Required) CIDR notation to match incoming IP address. +* `ip_address_range` - (Required) The incoming IP address or range of IP addresses (in CIDR notation). * `name` - (Required) Name for the IP restriction rule.