Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_container_app - support: allows IP restrictions without requiring CIDR #25609

Merged
merged 4 commits into from
Apr 15, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions internal/services/containerapps/container_app_resource_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -526,6 +526,13 @@ func TestAccContainerAppResource_ipSecurityRulesUpdate(t *testing.T) {
),
},
data.ImportStep(),
{
Config: r.ingressSecurityRestrictionNotIncludedCIDR(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.basic(data),
Check: acceptance.ComposeTestCheckFunc(
Expand Down Expand Up @@ -2487,6 +2494,43 @@ resource "azurerm_container_app" "test" {
`, r.template(data), data.RandomInteger)
}

func (r ContainerAppResource) ingressSecurityRestrictionNotIncludedCIDR(data acceptance.TestData) string {
return fmt.Sprintf(`
%s

resource "azurerm_container_app" "test" {
name = "acctest-capp-%[2]d"
resource_group_name = azurerm_resource_group.test.name
container_app_environment_id = azurerm_container_app_environment.test.id
revision_mode = "Single"

template {
container {
name = "acctest-cont-%[2]d"
image = "jackofallops/azure-containerapps-python-acctest:v0.0.1"
cpu = 0.25
memory = "0.5Gi"
}
}

ingress {
target_port = 5000
ip_security_restriction {
name = "test"
description = "test"
action = "Allow"
ip_address_range = "10.1.0.0"
}

traffic_weight {
latest_revision = true
percentage = 100
}
}
}
`, r.template(data), data.RandomInteger)
}

func (r ContainerAppResource) scaleRulesUpdate(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
Expand Down
4 changes: 2 additions & 2 deletions internal/services/containerapps/helpers/container_apps.go
Original file line number Diff line number Diff line change
Expand Up @@ -484,8 +484,8 @@ func ContainerAppIngressIpSecurityRestriction() *pluginsdk.Schema {
"ip_address_range": {
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.IsCIDR,
Description: "CIDR notation to match incoming IP address.",
ValidateFunc: validation.Any(validation.IsCIDR, validation.IsIPAddress),
Description: "The incoming IP address or range of IP addresses (in CIDR notation).",
},

"name": {
Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/container_app.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -413,7 +413,7 @@ A `ip_security_restriction` block supports the following:

* `description` - (Optional) Describe the IP restriction rule that is being sent to the container-app.

* `ip_address_range` - (Required) CIDR notation to match incoming IP address.
* `ip_address_range` - (Required) The incoming IP address or range of IP addresses (in CIDR notation).

* `name` - (Required) Name for the IP restriction rule.

Expand Down
Loading