Using resource azurerm_windows_function_app, I am trying to use the ip_restriction block in site_config however upon plan/apply it errors as apparently optional values are required.
All i want to achieve is to Deny all traffic unless from a network/subnet.
The documentation (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app) states this is possible.
I am using the latest provider version and the latest Terraform version.
Terraform v1.3.7 on windows_amd64 + provider registry.terraform.io/hashicorp/azurerm v3.38.0 + provider registry.terraform.io/hashicorp/template v2.2.0
Code block uploaded to here https://codebeautify.org/cs/c433a9
Doing an apply on the above I get
Error: Incorrect attribute value type │ │ on main.tf line 181, in resource "azurerm_windows_function_app" "windows_function_app": │ 181: ip_restriction = [ { │ 182: action = "Deny" │ 183: virtual_network_subnet_id = data.terraform_remote_state.netsec_outputs.outputs.vnet_subnets_info["APIM"].id │ 184: name = "APIM Access" │ 185: priority = 1 │ 186: } ] │ ├──────────────── │ │ data.terraform_remote_state.netsec_outputs.outputs.vnet_subnets_info["APIM"].id is "/subscriptions/0000000--00000000--00000000/resourceGroups/prt-sit-2-netsec- 01/providers/Microsoft.Network/virtualNetworks/prt-sit-2-vnet/subnets/apim" │ │ Inappropriate value for attribute "ip_restriction": element 0: attributes "headers", "ip_address", and "service_tag" are required
What i expect to happen is it completes a plan and wishes to add the ip_restriction block.
Worked around my issue. If you use a dynamic block with only the elements you wish to use it passes and validates