hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support for inbound_ip_address properties in azurerm_function_app, azurerm_app_service #5333

Closed LukeCarrier closed 3 years ago

LukeCarrier commented 4 years ago

Description

At the moment Terraform gives us the outbound IP addresses for the app in the following fields:

I propose adding the same properties for the inbound direction:

These are necessary for users trying to configure DNS records at the apex of a domain, where CNAMEs to the default_hostname aren't possible.

The ARM API definitely gives us access to these properties -- e.g. GET /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers/Microsoft.Web/sites/my-site:

{
    // snip
    "properties": {
        // snip
        "inboundIpAddress": "0.0.0.0",
        "possibleInboundIpAddresses": "0.0.0.0",
        "outboundIpAddresses": "0.0.0.0,1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4",
        "possibleOutboundIpAddresses": "0.0.0.0,1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,5.5.5.5,6.6.6.6,7.7.7.7,8.8.8.8,9.9.9.9"
        // snip
    }
    // snip
}

New or Affected Resource(s)

Potential Terraform Configuration

locals {
  location = "South Central US"
  app_name = "themysteryofthemissingprops"
  domain = "rainbowunsubscribe.com"
  dns_ttl = 3600
}

resource "azurerm_resource_group" "my-app" {
  name = "my-app"
  location = local.location
}

resource "azurerm_storage_account" "my-app" {
  name = "mystorage"
  resource_group_name = azurerm_resource_group.my-app.name
  location = local.location

  account_kind = "Storage"
  account_tier = "Standard"
  account_replication_type = "LRS"
  enable_https_traffic_only = true

  network_rules {
    bypass = ["AzureServices"]
    default_action = "Deny"
  }
}

resource "azurerm_app_service_plan" "my-app" {
  name = "my-app"
  location = local.location
  resource_group_name = azurerm_resource_group.my-app.name

  kind = "Windows"

  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_function_app" "my-app" {
  name = local.app_name

  location = local.location

  resource_group_name = azurerm_app_service_plan.my-app.resource_group_name
  app_service_plan_id = azurerm_app_service_plan.my-app.id

  version = "~3"

  storage_connection_string = azurerm_storage_account.my-app.primary_connection_string

  app_settings = {
    FUNCTIONS_WORKER_RUNTIME = "dotnet"
    WEBSITE_NODE_DEFAULT_VERSION = "~12"
    WEBSITE_RUN_FROM_PACKAGE = "1"
  }
}

resource "azurerm_app_service_custom_hostname_binding" "my-app" {
  hostname = local.domain
  app_service_name = azurerm_function_app.my-app.name
  resource_group_name = azurerm_function_app.my-app.resource_group_name
}

resource "azurerm_dns_zone" "my-app" {
  name = local.domain
  resource_group_name = azurerm_resource_group.my-app.name
}

resource "azurerm_dns_a_record" "my-app-APEX" {
  name = "@"
  resource_group_name = azurerm_dns_zone.my-app.resource_group_name
  zone_name = azurerm_dns_zone.my-app.name

  ttl = local.dns_ttl

  records = [
    // The missing piece is here -- note that virtual_ip on the hostname value
    // will be empty for users running SNI or no certificates.
    azurerm_function_app.my-app.inbound_ip_address,
  ]
}

resource "azurerm_dns_cname_record" "my-app-awverify" {
  name = "awverify"
  resource_group_name = azurerm_dns_zone.my-app.resource_group_name
  zone_name = azurerm_dns_zone.my-app.name

  ttl = local.dns_ttl

  record = azurerm_function_app.my-app.default_hostname
}

resource "azurerm_dns_txt_record" "my-app-APEX" {
  name = "@"
  resource_group_name = azurerm_dns_zone.my-app.resource_group_name
  zone_name = azurerm_dns_zone.my-app.name

  ttl = local.dns_ttl

  record {
    value = azurerm_function_app.my-app.default_hostname
  }
}

References

None
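
As an added example (not code from the issue or from the provider), the Go program below reads the two inbound fields of the ARM response shown above and checks whether the value published in an apex A record still matches the app's inbound address. The `site` struct, the `CheckApexRecord` function, its status strings and the sample response are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

// site mirrors only the inbound fields shown in the issue's ARM response.
type site struct {
	Properties struct {
		Inbound  string `json:"inboundIpAddress"`
		Possible string `json:"possibleInboundIpAddresses"` // comma-separated
	} `json:"properties"`
}

// Constructed sample response; addresses are from documentation ranges.
const sample = `{"properties":{"inboundIpAddress":"203.0.113.10","possibleInboundIpAddresses":"203.0.113.10,203.0.113.11"}}`

// CheckApexRecord returns "current", "possible" or "mismatch" for an A record value.
func CheckApexRecord(armJSON []byte, aRecord string) (string, error) {
	var s site
	if err := json.Unmarshal(armJSON, &s); err != nil {
		return "", err
	}
	rec, err := netip.ParseAddr(strings.TrimSpace(aRecord))
	if err != nil {
		return "", fmt.Errorf("A record: %w", err)
	}
	// The active address goes last so that it overrides a "possible" hit.
	fields := append(strings.Split(s.Properties.Possible, ","), s.Properties.Inbound)
	status := "mismatch"
	for i, f := range fields {
		p, err := netip.ParseAddr(strings.TrimSpace(f))
		if err != nil {
			return "", fmt.Errorf("ARM address %q: %w", f, err)
		}
		if p == rec && i == len(fields)-1 {
			status = "current"
		} else if p == rec {
			status = "possible"
		}
	}
	return status, nil
}

func main() {
	fmt.Println(CheckApexRecord([]byte(sample), "203.0.113.11"))
}
```

A "mismatch" result means the apex record points at an address the app does not report as inbound, which is the drift a hard-coded A record cannot detect on its own.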

jonsamwell commented 4 years ago

Any idea when this will be available?

ropstah commented 3 years ago

Bump.

This is required to be able to automatically bind DNS to an Azure Function App.

There even seems to be a forked commit fixing the issue - https://github.com/LukeCarrier/terraform-provider-azurerm/commit/2642118c55618ac3491179049af38f7f8f07916b

BenWaller commented 3 years ago

If you're using a custom hostname binding, that IP address can be accessed with the following reference.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_custom_hostname_binding#virtual_ip

favoretti commented 3 years ago

Since this issue seems to have been addressed in the latest versions of the provider (or a valid workaround was provided) - I'm going to close it. Please open a new updated bug report if this is still relevant. Thank you.

github-actions[bot] commented 3 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.