Support for Disable administrative endpoints in Azure Functions and WebApp

Patrik-Berglund commented 1 week ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Add support for Disable administrative endpoints in Azure Functions and WebApp via setting the App Service site setting: functionsRuntimeAdminIsolationEnabled = true

The documentation only mentions Azure Functions, but the option is available in the Azure Portal for Windows WebApps.

Determines whether the built-in administrator (/admin) endpoints in your function app can be accessed. When set to false (the default), the app allows requests to endpoints under /admin when those requests present a master key in the request. When true, /admin endpoints can't be accessed, even with a master key.

https://go.microsoft.com/fwlink/?linkid=2281478 https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings

New or Affected Resource(s)/Data Source(s)

azurerm_windows_web_app, azurerm_windows_function_app

Potential Terraform Configuration

resource "azurerm_windows_function_app" "example" {
  site_config {
    functions_runtime_admin_isolation_enabled = true
  }
}

References

No response

ning-kang commented 2 days ago

This config is managed by a site property named functionsRuntimeAdminIsolationEnabled. However I could not find the property in Azure REST API doc https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update?view=rest-appservice-2023-12-01&tabs=HTTP#request-body or the sdk package https://github.com/hashicorp/go-azure-sdk/blob/main/resource-manager/web/2023-12-01/webapps/model_siteproperties.go.

Patrik-Berglund commented 2 days ago

Can't find it either, strange that they release a feature in the Portal but doesn't make it available in the SDK:s / API.

hashicorp / terraform-provider-azurerm