azurerm_logic_app_standard does not have an argument for Microsoft.Web/sites/publicNetworkAccess

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.4

AzureRM Provider Version

3.108

Affected Resource(s)/Data Source(s)

azurerm_logic_app_standard

Terraform Configuration Files

resource "azurerm_resource_group" "example" {
  name     = "azure-functions-test-rg"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "functionsapptestsa"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_app_service_plan" "example" {
  name                = "azure-functions-test-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  kind                = "elastic"

  sku {
    tier = "WorkflowStandard"
    size = "WS1"
  }
}

resource "azurerm_logic_app_standard" "example" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key

  app_settings = {
    "FUNCTIONS_WORKER_RUNTIME"     = "node"
    "WEBSITE_NODE_DEFAULT_VERSION" = "~18"
  }
}

Debug Output/Panic Output

na

Expected Behaviour

Using Terraform, I expect to be able to configure both Microsoft parameters described below. Especially since policy or best practice scanners may check both parameters.

Microsoft has 2 parameters regarding "publicNetworkAccess" for Logic App Standard:

"Microsoft.Web/sites/config" (properties.siteConfig.publicNetworkAccess)
"Microsoft.Web/sites" (properties.publicNetworkAccess)

Using Powershell: you can see the 2 parameters. (get-azresource -id "/subscriptions/xxxxxxxxxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.Web/sites/xxxxxx").properties.siteConfig.publicNetworkAccess (get-azresource -id "/subscriptions/xxxxxxxxxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.Web/sites/xxxxxx").properties.publicNetworkAccess

AND

Examination of the JSON exported template from a LogicApp in Azure Portal will also show these 2 parameters.

Microsoft.Web/sites/config "publicNetworkAccess"
Microsoft.Web/sites "publicNetworkAccess"

UNFORTUNATELY, I could not find a way to see 'both' parameters with Azure CLI This AZ CLI command only shows #1, properties.siteConfig.publicNetworkAccess, it does not give us #2, properties.publicNetworkAccess. Get-AzWebApp -ResourceGroupName "xxxxxx" -Name "xxxxxx"

ALSO, Looking in Azure Portal > Logic app > settings > Networking > Inbound traffic configuration | Public network access This configuration setting seems to be related only to #2, "Microsoft.Web/sites" (properties.publicNetworkAccess). NOT #1.
because when I changed the value here in portal, the deployment JSON shows: "value": "Microsoft.Web/sites/write", "localizedValue": "Update website"

Actual Behaviour

azurerm_logic_app_standard currently only has 1 argument, and it is for "Microsoft.Web/sites/config" exposed inside the site_config block. It does not have an argument for "Microsoft.Web/sites/"

Steps to Reproduce

terraform apply

hashicorp / terraform-provider-azurerm