Support for vnetImagePullEnabled

[peterprumbach-telekom]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The legacy app setting "WEBSITE_PULL_IMAGE_OVER_VNET" can be enabled on azurerm_windows_web_app and azurerm_linux_web_app (maybe also in the function app). Azure is showing an information that this legacy setting will be replaced with site property 'vnetImagePullEnabled'. We should implement this as an argument on the resources (like vnet_route_all_enabled).

I think it should also be checked, if the web app is connected to a virtual network to use this function.

New or Affected Resource(s)/Data Source(s)

azurerm_windows_web_app, azurerm_linux_web_app

Potential Terraform Configuration

resource "azurerm_linux_web_app" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {
    vnetImagePullEnabled = true
  }
}

References

No response

[pglagerweij]

I also wanted to use this feature and wanted to make a PR to add this attribute. However that proved more difficult then I thought beforehand. Making a comment so that not another person is checking the same thing.

Currently the azurerm terraform provider is using the "services/**/mgmt/** azure-go-sdk." Which is deprecated and doesn't contain this specific flag in its sdk. In the newest "sdk/resourcemanager/**/arm**" azure-go-sdk this field is there in the SiteProperties.

MIgration guide and information can be found here: https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/MIGRATION_GUIDE.md

So adding this features would requires migrating the entire client and the way the terraform provider authenticates to Azure. Not sure if this is on a general terraform roadmap at the moment.

[joakimlemb]

Any ETA for supporting the "vnetImagePullEnabled" option?

Microsoft might remove the WEBSITE_PULL_IMAGE_OVER_VNET option in the future: https://learn.microsoft.com/nb-no/azure/app-service/configure-vnet-integration-routing#container-image-pull

azapi workaround:

resource "azapi_update_resource" "example_vnet_container_pull_routing" {
  resource_id = azurerm_linux_web_app.example.id
  type        = "Microsoft.Web/sites@2022-09-01"
  body = jsonencode({
    properties = {
      vnetImagePullEnabled: true
    }
  })
}