hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Add inbound IP filter support to Logic app resource #3018

Open alastairtree opened 5 years ago

alastairtree commented 5 years ago

Description

Add new properties to the logic app workflow to allow users to set the inbound IP white-list filter on the logic app.

New or Affected Resource(s)

Potential Terraform Configuration

Propose we mirror the IP restriction config syntax on App Service:

resource "azurerm_logic_app_workflow" "test" {
  name                = "workflow1"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"

  ip_restriction = [
    {
      ip_address  = "0.0.0.0"
      subnet_mask = "255.255.255.0"
    }
  ]
}

The relevant JSON snippet in the workflow ARM template is:

...........
"accessControl": {
    "triggers": {
        "allowedCallerIpAddresses": [
            {
                "addressRange": "[parameters('inbound_address_range')]"
            }
        ]
    }
}
...........

References

More discussion in #1924 and #3004

rohrerb commented 5 years ago

There are two types of firewall settings we need to be able to maintain under accessControl: contents and triggers.

"contents": {
    "allowedCallerIpAddresses": [
        {
            "addressRange": "192.168.12.0/23"
        },
        {
            "addressRange": "2001:0db8::/64"
        }
    ]
},
"triggers": {
    "allowedCallerIpAddresses": [
        {
            "addressRange": "192.168.12.0/23"
        },
        {
            "addressRange": "2001:0db8::/64"
        }
    ]
}
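
An added example, not part of the issue thread or the provider's code: a Python check that walks an exported ARM template and reports, for each `Microsoft.Logic/workflows` resource, whether the `triggers` and `contents` sections of `accessControl` discussed above carry `allowedCallerIpAddresses` entries, and flags ranges that admit every address. The sample template and the function names are constructed for illustration, and `addressRange` is assumed to be CIDR notation as in the snippets above.

```python
import ipaddress
import json

# Constructed sample template: "triggers" is filtered, "contents" is not.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.Logic/workflows",
  "name": "workflow1",
  "properties": {"accessControl": {"triggers": {"allowedCallerIpAddresses": [
    {"addressRange": "192.168.12.0/23"},
    {"addressRange": "0.0.0.0/0"},
    {"addressRange": "[parameters('inbound_address_range')]"}
  ]}}}
}]}
""")

SECTIONS = ("triggers", "contents")  # the two settings named in the thread


def audit_workflow(resource):
    """Return a list of findings for one Microsoft.Logic/workflows resource."""
    findings = []
    access = resource.get("properties", {}).get("accessControl") or {}
    for section in SECTIONS:
        entries = (access.get(section) or {}).get("allowedCallerIpAddresses")
        if not entries:
            findings.append(f"{section}: no allowedCallerIpAddresses entries")
            continue
        for entry in entries:
            rng = str(entry.get("addressRange", ""))
            if rng.startswith("["):
                # ARM template expression; value is only known at deployment.
                findings.append(f"{section}: unresolved expression {rng}")
                continue
            try:
                # Assumption: CIDR notation, IPv4 or IPv6.
                net = ipaddress.ip_network(rng, strict=False)
            except ValueError:
                findings.append(f"{section}: unparseable range {rng!r}")
                continue
            if net.prefixlen == 0:
                findings.append(f"{section}: {rng} admits every address")
    return findings


def audit_template(template):
    """Map workflow name -> findings for every Logic App workflow resource."""
    return {res.get("name"): audit_workflow(res)
            for res in template.get("resources", [])
            if res.get("type") == "Microsoft.Logic/workflows"}
```

An empty findings list for a workflow means both sections carry parseable ranges narrower than the whole address space.
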

jayendranarumugam commented 3 years ago

IP restriction would be kept on the logic app itself rather than on every custom trigger. Has this request ever been considered so far? As far as I can see, it's been idle for 1 year now.