azurerm_app_service ip_restriction - support for name & priority

[aqche]

Fixes: #6388

Adds the name and priority options to the azurerm_app_service resource's ip_restriction option.

=== RUN   TestAccAzureRMAppService_completeIpRestriction
=== PAUSE TestAccAzureRMAppService_completeIpRestriction
=== CONT  TestAccAzureRMAppService_completeIpRestriction
--- PASS: TestAccAzureRMAppService_completeIpRestriction (143.55s)
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/web/tests   143.564s

=== RUN   TestAccDataSourceAzureRMAppService_ipRestriction
=== PAUSE TestAccDataSourceAzureRMAppService_ipRestriction
=== CONT  TestAccDataSourceAzureRMAppService_ipRestriction
--- PASS: TestAccDataSourceAzureRMAppService_ipRestriction (147.63s)
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/web/tests   147.645s

[sebader]

Should you check here as well if priority is maximum 65000?

[aqche]

good call

[aqche]

are you sure about the max value being 65000? after some testing, it looks like the max value I can set for priority is 2147483647. If I go above that, priority will be set to a negative value.

[sebader]

good question actually. I just tried to set a rule via az powershell:
Add-AzWebAppAccessRestrictionRule: Cannot validate argument on parameter 'Priority'. The 65001 argument is greater than the maximum allowed range of 65000. Supply an argument that is less than or equal to 65000 and then try the command again.

The portal lets you also set something larger than 65000 and enforces the limit at 2147483647. So I guess you are right, that should be it.

[sebader]

Maybe add a note that it defaults to 65000

[aqche]

sure, thanks for the info

[aqche]

as @sebader noted, priority defaults to 65000 when not provided. Should we make that an explicit default or let it be computed?

[sebader]

I'm not sure where the default of 65000 is injected in this case. Might be in the Go SDK? Since in CLI, Powershell and the portal the parameter must be manually specified, there is no default there.

[sebader]

So might actually be better so explicitly set it?!

[sebader]

nice, looks good to me know @aqche Thank you!

[jackofallops]

Hi @aqche
Thanks for this PR. Just a few minor changes needed and I think this should be good to merge.

Ste

[jackofallops]

I think we'll want Computed: true, on here.

[jackofallops]

I think this should be Computed: true, rather than setting a default. If more than one IP Restriction is used this could cause a conflict. The "default" value is assigned by the platform, rather than it being in the SDK, so can safely be read back from the API if not explicitly set.

[jackofallops]

Could we have an additional test that updates an app_service by adding, then removing, a 2nd ip_restriction? (or extend this one)

[aqche]

@jackofallops thanks for the review! made the updates you suggested. let me know what you think!

=== RUN   TestAccAzureRMAppService_completeIpRestriction
=== PAUSE TestAccAzureRMAppService_completeIpRestriction
=== CONT  TestAccAzureRMAppService_completeIpRestriction
--- PASS: TestAccAzureRMAppService_completeIpRestriction (266.53s)
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/web/tests   266.555s

[jackofallops]

Failures are transient at Azure side.

[bentterp]

When I compare with the configuration options in the Azure portal, it seems that the action "allow/deny" is missing.

If there were no deny rules, then there would be no need for assigning priorities - similar to NSG rules.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!