hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_windows_web_app #21820

Open bertrandpons opened 1 year ago

bertrandpons commented 1 year ago

Terraform Version

1.4.6

AzureRM Provider Version

3.55.0

Affected Resource(s)/Data Source(s)

azurerm_windows_web_app

Terraform Configuration Files

resource "azurerm_service_plan" "plan_example" {
  name                = "plan-example"
  location            = var.default_location
  resource_group_name = azurerm_resource_group.example.name

  os_type = "Windows"

  sku_name = var.serviceplan_example

  tags = local.default_tags
}

resource "azurerm_private_endpoint" "pep_webapp_example" {
  name                = "pep-webapp"
  location            = var.default_location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.example.id

  private_service_connection {
    name                           = "pep-webapp"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_windows_web_app.webapp_example.id
    subresource_names              = ["sites"]
  }

  tags = merge(
    {
      Name = "pep-webapp"
    },
    local.default_tags
  )
}

resource "azurerm_windows_web_app" "webapp_example" {
  name                = "webapp-example"
  location            = var.default_location
  resource_group_name = azurerm_resource_group.example.name

  service_plan_id = azurerm_service_plan.plan_example.id

  virtual_network_subnet_id = azurerm_subnet.snet_vnetintegration.id

  site_config {
    use_32_bit_worker   = false
    always_on           = true
    minimum_tls_version = 1.2
    ftps_state          = var.webapp_ftps_state

    vnet_route_all_enabled = true

    application_stack {
      current_stack  = "dotnet"
      dotnet_version = "v4.0"
    }

    ip_restriction {
      action     = "Allow"
      name       = "AllowAccess"
      priority   = 200
      ip_address = "X.X.X.X/32"
    }

    scm_ip_restriction {
      action     = "Allow"
      name       = "AllowAccess"
      priority   = 100
      ip_address = "Y.Y.Y.Y/32"
    }
  }

  app_settings = {}

  identity {
    type = "SystemAssigned"
  }

  enabled = true

  https_only = true

  tags = local.default_tags
}

Debug Output/Panic Output

There is no error in output

Expected Behaviour

Web app network configuration is not modified at each terraform apply

Actual Behaviour

If I turn on "Allow public access" from the portal, it will be turned off next time I run terraform apply.

However, it is well specified in the documentation that "Private endpoint and public access can co-exist on an app" (cf. https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint#conceptual-overview).

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response

gislig commented 10 months ago

I am having the same issue; I have to create an additional shell command to enable it again after the tf code has completed.