Merge pull request #25131 from hashicorp/f/app-service-iprestriction-…

…default-action

`AppService` - Add support for `ip_restriction_default_action` and `scm_ip_restriction_default_action` to all app service resources

internal/services/appservice/helpers/linux_web_app_schema.go

@@ -18,38 +18,40 @@ import (
 )
 
 type SiteConfigLinux struct {
-	AlwaysOn                bool                    `tfschema:"always_on"`
-	ApiManagementConfigId   string                  `tfschema:"api_management_api_id"`
-	ApiDefinition           string                  `tfschema:"api_definition_url"`
-	AppCommandLine          string                  `tfschema:"app_command_line"`
-	AutoHeal                bool                    `tfschema:"auto_heal_enabled"`
-	AutoHealSettings        []AutoHealSettingLinux  `tfschema:"auto_heal_setting"`
-	UseManagedIdentityACR   bool                    `tfschema:"container_registry_use_managed_identity"`
-	ContainerRegistryMSI    string                  `tfschema:"container_registry_managed_identity_client_id"`
-	DefaultDocuments        []string                `tfschema:"default_documents"`
-	Http2Enabled            bool                    `tfschema:"http2_enabled"`
-	IpRestriction           []IpRestriction         `tfschema:"ip_restriction"`
-	ScmUseMainIpRestriction bool                    `tfschema:"scm_use_main_ip_restriction"`
-	ScmIpRestriction        []IpRestriction         `tfschema:"scm_ip_restriction"`
-	LoadBalancing           string                  `tfschema:"load_balancing_mode"`
-	LocalMysql              bool                    `tfschema:"local_mysql_enabled"`
-	ManagedPipelineMode     string                  `tfschema:"managed_pipeline_mode"`
-	RemoteDebugging         bool                    `tfschema:"remote_debugging_enabled"`
-	RemoteDebuggingVersion  string                  `tfschema:"remote_debugging_version"`
-	ScmType                 string                  `tfschema:"scm_type"`
-	Use32BitWorker          bool                    `tfschema:"use_32_bit_worker"`
-	WebSockets              bool                    `tfschema:"websockets_enabled"`
-	FtpsState               string                  `tfschema:"ftps_state"`
-	HealthCheckPath         string                  `tfschema:"health_check_path"`
-	HealthCheckEvictionTime int64                   `tfschema:"health_check_eviction_time_in_min"`
-	NumberOfWorkers         int64                   `tfschema:"worker_count"`
-	ApplicationStack        []ApplicationStackLinux `tfschema:"application_stack"`
-	MinTlsVersion           string                  `tfschema:"minimum_tls_version"`
-	ScmMinTlsVersion        string                  `tfschema:"scm_minimum_tls_version"`
-	Cors                    []CorsSetting           `tfschema:"cors"`
-	DetailedErrorLogging    bool                    `tfschema:"detailed_error_logging_enabled"`
-	LinuxFxVersion          string                  `tfschema:"linux_fx_version"`
-	VnetRouteAllEnabled     bool                    `tfschema:"vnet_route_all_enabled"`
+	AlwaysOn                      bool                    `tfschema:"always_on"`
+	ApiManagementConfigId         string                  `tfschema:"api_management_api_id"`
+	ApiDefinition                 string                  `tfschema:"api_definition_url"`
+	AppCommandLine                string                  `tfschema:"app_command_line"`
+	AutoHeal                      bool                    `tfschema:"auto_heal_enabled"`
+	AutoHealSettings              []AutoHealSettingLinux  `tfschema:"auto_heal_setting"`
+	UseManagedIdentityACR         bool                    `tfschema:"container_registry_use_managed_identity"`
+	ContainerRegistryMSI          string                  `tfschema:"container_registry_managed_identity_client_id"`
+	DefaultDocuments              []string                `tfschema:"default_documents"`
+	Http2Enabled                  bool                    `tfschema:"http2_enabled"`
+	IpRestriction                 []IpRestriction         `tfschema:"ip_restriction"`
+	IpRestrictionDefaultAction    string                  `tfschema:"ip_restriction_default_action"`
+	ScmUseMainIpRestriction       bool                    `tfschema:"scm_use_main_ip_restriction"`
+	ScmIpRestriction              []IpRestriction         `tfschema:"scm_ip_restriction"`
+	ScmIpRestrictionDefaultAction string                  `tfschema:"scm_ip_restriction_default_action"`
+	LoadBalancing                 string                  `tfschema:"load_balancing_mode"`
+	LocalMysql                    bool                    `tfschema:"local_mysql_enabled"`
+	ManagedPipelineMode           string                  `tfschema:"managed_pipeline_mode"`
+	RemoteDebugging               bool                    `tfschema:"remote_debugging_enabled"`
+	RemoteDebuggingVersion        string                  `tfschema:"remote_debugging_version"`
+	ScmType                       string                  `tfschema:"scm_type"`
+	Use32BitWorker                bool                    `tfschema:"use_32_bit_worker"`
+	WebSockets                    bool                    `tfschema:"websockets_enabled"`
+	FtpsState                     string                  `tfschema:"ftps_state"`
+	HealthCheckPath               string                  `tfschema:"health_check_path"`
+	HealthCheckEvictionTime       int64                   `tfschema:"health_check_eviction_time_in_min"`
+	NumberOfWorkers               int64                   `tfschema:"worker_count"`
+	ApplicationStack              []ApplicationStackLinux `tfschema:"application_stack"`
+	MinTlsVersion                 string                  `tfschema:"minimum_tls_version"`
+	ScmMinTlsVersion              string                  `tfschema:"scm_minimum_tls_version"`
+	Cors                          []CorsSetting           `tfschema:"cors"`
+	DetailedErrorLogging          bool                    `tfschema:"detailed_error_logging_enabled"`
+	LinuxFxVersion                string                  `tfschema:"linux_fx_version"`
+	VnetRouteAllEnabled           bool                    `tfschema:"vnet_route_all_enabled"`
 	// SiteLimits []SiteLimitsSettings `tfschema:"site_limits"` // TODO - New block to (possibly) support? No way to configure this in the portal?
 }
 
@@ -124,6 +126,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema {
 
 				"ip_restriction": IpRestrictionSchema(),
 
+				"ip_restriction_default_action": {
+					Type:         pluginsdk.TypeString,
+					Optional:     true,
+					Default:      webapps.DefaultActionAllow,
+					ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false),
+				},
+
 				"scm_use_main_ip_restriction": {
 					Type:     pluginsdk.TypeBool,
 					Optional: true,
@@ -132,6 +141,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema {
 
 				"scm_ip_restriction": IpRestrictionSchema(),
 
+				"scm_ip_restriction_default_action": {
+					Type:         pluginsdk.TypeString,
+					Optional:     true,
+					Default:      webapps.DefaultActionAllow,
+					ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForDefaultAction(), false),
+				},
+
 				"local_mysql_enabled": {
 					Type:     pluginsdk.TypeBool,
 					Optional: true,
@@ -324,13 +340,23 @@ func SiteConfigSchemaLinuxComputed() *pluginsdk.Schema {
 
 				"ip_restriction": IpRestrictionSchemaComputed(),
 
+				"ip_restriction_default_action": {
+					Type:     pluginsdk.TypeString,
+					Computed: true,
+				},
+
 				"scm_use_main_ip_restriction": {
 					Type:     pluginsdk.TypeBool,
 					Computed: true,
 				},
 
 				"scm_ip_restriction": IpRestrictionSchemaComputed(),
 
+				"scm_ip_restriction_default_action": {
+					Type:     pluginsdk.TypeString,
+					Computed: true,
+				},
+
 				"local_mysql_enabled": {
 					Type:     pluginsdk.TypeBool,
 					Computed: true,
@@ -738,6 +764,8 @@ func (s *SiteConfigLinux) ExpandForCreate(appSettings map[string]string) (*webap
 	expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.ScmMinTlsVersion))
 	expanded.AutoHealEnabled = pointer.To(s.AutoHeal)
 	expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled)
+	expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction))
+	expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction))
 
 	if s.ApiManagementConfigId != "" {
 		expanded.ApiManagementConfig = &webapps.ApiManagementConfig{
@@ -957,6 +985,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin
 		expanded.IPSecurityRestrictions = ipRestrictions
 	}
 
+	if metadata.ResourceData.HasChange("site_config.0.ip_restriction_default_action") {
+		expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction))
+	}
+
 	if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction") {
 		scmIpRestrictions, err := ExpandIpRestrictions(s.ScmIpRestriction)
 		if err != nil {
@@ -965,6 +997,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin
 		expanded.ScmIPSecurityRestrictions = scmIpRestrictions
 	}
 
+	if metadata.ResourceData.HasChange("site_config.0.scm_ip_restriction_default_action") {
+		expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction))
+	}
+
 	if metadata.ResourceData.HasChange("site_config.0.load_balancing_mode") {
 		expanded.LoadBalancing = pointer.To(webapps.SiteLoadBalancing(s.LoadBalancing))
 	}
@@ -1043,6 +1079,8 @@ func (s *SiteConfigLinux) Flatten(appSiteConfig *webapps.SiteConfig) {
 		s.WebSockets = pointer.From(appSiteConfig.WebSocketsEnabled)
 		s.VnetRouteAllEnabled = pointer.From(appSiteConfig.VnetRouteAllEnabled)
 		s.Cors = FlattenCorsSettings(appSiteConfig.Cors)
+		s.IpRestrictionDefaultAction = string(pointer.From(appSiteConfig.IPSecurityRestrictionsDefaultAction))
+		s.ScmIpRestrictionDefaultAction = string(pointer.From(appSiteConfig.ScmIPSecurityRestrictionsDefaultAction))
 
 		if appSiteConfig.ApiManagementConfig != nil {
 			s.ApiManagementConfigId = pointer.From(appSiteConfig.ApiManagementConfig.Id)