adding ip-restriction feat (Azure#19841)

* adding ip-restriction feat

* remove from stable, add to preview

* fix lintDiff error

* fix modelvalidation error

* fix formatting changes

* rename names, add note to all allow or all deny

* fix spell check error

* update name and examples

* rename `ipAddress` to `ipAddressRange`

* making small change to re-run build pipeline

* trigger GitHub actions

* resolve comments

Co-authored-by: Taher Darolywala <tdarolywala@microsoft.com>

specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/ContainerApps.json

@@ -676,6 +676,16 @@
         "allowInsecure": {
           "description": "Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections",
           "type": "boolean"
+        },
+        "ipSecurityRestrictions": {
+          "description": "Rules to restrict incoming IP address.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/IpSecurityRestrictionRule"
+          },
+          "x-ms-identifiers": [
+            "name"
+          ]
         }
       }
     },
@@ -791,6 +801,41 @@
         }
       }
     },
+    "IpSecurityRestrictionRule": {
+      "description": "Rule to restrict incoming IP address.",
+      "type": "object",
+      "required": [
+        "name",
+        "ipAddressRange",
+        "action"
+      ],
+      "properties": {
+        "name": {
+          "description": "Name for the IP restriction rule.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Describe the IP restriction rule that is being sent to the container-app. This is an optional field.",
+          "type": "string"
+        },
+        "ipAddressRange": {
+          "description": "CIDR notation to match incoming IP address",
+          "type": "string"
+        },
+        "action": {
+          "description": "Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny",
+          "enum": [
+            "Allow",
+            "Deny"
+          ],
+          "type": "string",
+          "x-ms-enum": {
+            "name": "action",
+            "modelAsString": true
+          }
+        }
+      }
+    },
     "CustomHostnameAnalysisResult": {
       "description": "Custom domain analysis.",
       "type": "object",

specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_CreateOrUpdate.json

@@ -30,6 +30,20 @@
                 "revisionName": "testcontainerApp0-ab1234",
                 "label": "production"
               }
+            ],
+            "ipSecurityRestrictions": [
+              {
+                "name": "Allow work IP A subnet",
+                "description": "Allowing all IP's within the subnet below to access containerapp",
+                "ipAddressRange": "192.168.1.1/32",
+                "action": "Allow"
+              },
+              {
+                "name": "Allow work IP B subnet",
+                "description": "Allowing all IP's within the subnet below to access containerapp",
+                "ipAddressRange": "192.168.1.1/8",
+                "action": "Allow"
+              }
             ]
           },
           "dapr": {
@@ -125,6 +139,20 @@
                   "revisionName": "testcontainerApp0-ab4321",
                   "label": "staging"
                 }
+              ],
+              "ipSecurityRestrictions": [
+                {
+                  "name": "Allow work IP A subnet",
+                  "description": "Allowing all IP's within the subnet below to access containerapp",
+                  "ipAddressRange": "192.168.1.1/32",
+                  "action": "Allow"
+                },
+                {
+                  "name": "Allow work IP B subnet",
+                  "description": "Allowing all IP's within the subnet below to access containerapp",
+                  "ipAddressRange": "192.168.1.1/8",
+                  "action": "Allow"
+                }
               ]
             },
             "dapr": {

specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Get.json

@@ -45,6 +45,20 @@
                   "revisionName": "testcontainerApp0-ab4321",
                   "label": "staging"
                 }
+              ],
+              "ipSecurityRestrictions": [
+                {
+                  "name": "Allow work IP A subnet",
+                  "description": "Allowing all IP's within the subnet below to access containerapp",
+                  "ipAddressRange": "192.168.1.1/32",
+                  "action": "Allow"
+                },
+                {
+                  "name": "Allow work IP B subnet",
+                  "description": "Allowing all IP's within the subnet below to access containerapp",
+                  "ipAddressRange": "192.168.1.1/8",
+                  "action": "Allow"
+                }
               ]
             },
             "dapr": {

specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListByResourceGroup.json

@@ -46,6 +46,20 @@
                       "revisionName": "testcontainerApp0-ab4321",
                       "label": "staging"
                     }
+                  ],
+                  "ipSecurityRestrictions": [
+                    {
+                      "name": "Allow work IP A subnet",
+                      "description": "Allowing all IP's within the subnet below to access containerapp",
+                      "ipAddressRange": "192.168.1.1/32",
+                      "action": "Allow"
+                    },
+                    {
+                      "name": "Allow work IP B subnet",
+                      "description": "Allowing all IP's within the subnet below to access containerapp",
+                      "ipAddressRange": "192.168.1.1/8",
+                      "action": "Allow"
+                    }
                   ]
                 },
                 "dapr": {

specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListBySubscription.json

@@ -45,6 +45,20 @@
                       "revisionName": "testcontainerApp0-ab4321",
                       "label": "staging"
                     }
+                  ],
+                  "ipSecurityRestrictions": [
+                    {
+                      "name": "Allow work IP A subnet",
+                      "description": "Allowing all IP's within the subnet below to access containerapp",
+                      "ipAddressRange": "192.168.1.1/32",
+                      "action": "Allow"
+                    },
+                    {
+                      "name": "Allow work IP B subnet",
+                      "description": "Allowing all IP's within the subnet below to access containerapp",
+                      "ipAddressRange": "192.168.1.1/8",
+                      "action": "Allow"
+                    }
                   ]
                 },
                 "dapr": {

specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Patch.json

@@ -33,6 +33,20 @@
                 "revisionName": "testcontainerApp0-ab1234",
                 "label": "production"
               }
+            ],
+            "ipSecurityRestrictions": [
+              {
+                "name": "Allow work IP A subnet",
+                "description": "Allowing all IP's within the subnet below to access containerapp",
+                "ipAddressRange": "192.168.1.1/32",
+                "action": "Allow"
+              },
+              {
+                "name": "Allow work IP B subnet",
+                "description": "Allowing all IP's within the subnet below to access containerapp",
+                "ipAddressRange": "192.168.1.1/8",
+                "action": "Allow"
+              }
             ]
           },
           "dapr": {