PR #26345 for azurerm_static_web_app setting public_network_access_enabled breaks resource behavior #28226

Open
1 task done
ErikPilsits-RJW opened this issue Dec 10, 2024 · 0 comments · May be fixed by #28232

Comments


ErikPilsits-RJW commented Dec 10, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.10.0

AzureRM Provider Version

4.8.0

Affected Resource(s)/Data Source(s)

azurerm_static_web_app

Terraform Configuration Files

resource "azurerm_static_web_app" "ui" {
  name                = local.static_web_app
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  tags                = local.common_tags
}

Debug Output/Panic Output

n/a

Expected Behaviour

The default value for this property should be null, and the user should be able to set null as a value.

Actual Behaviour

Value can only be true or false.

This setting is not configurable via the Azure portal nor the Azure CLI. It is only configurable via an ARM/Bicep template.

https://learn.microsoft.com/en-us/azure/templates/microsoft.web/staticsites?pivots=deployment-language-bicep#staticsite

According to the template, an empty string is a legal value, and should set the resource configuration property to null.

The default value when creating a static web app via the Azure portal is null.

This affects the behavior of the static web app when adding a private endpoint. The expected behavior, and the behavior that I believe the null value achieves, is that public network access is allowed in the absence of a private endpoint, and it is blocked when a private endpoint is configured. This lines up with the Azure documentation about securing a static web app on a private subnet.

However, when the property is explicitly set to "Enabled" (true value in Terraform) it overrides this behavior and you cannot disable public network access except by applying the explicit false value via Terraform.

Steps to Reproduce

No response

Important Factoids

No response

References

No response
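
The following audit sketch is an added example, not part of the original issue or the provider's code. It flags static web apps that have a private endpoint but remain publicly reachable because `publicNetworkAccess` is explicitly `Enabled`. It assumes the null-value behavior the issue describes and runs over constructed ARM-style JSON with placeholder names.

```python
import json

# Constructed sample: trimmed ARM-style views of Microsoft.Web/staticSites
# resources. Names are placeholders, not values from the issue.
SAMPLE = json.loads("""
[
 {"name": "swa-unset-pe", "properties": {"publicNetworkAccess": null,
   "privateEndpointConnections": [{"name": "pe-1"}]}},
 {"name": "swa-enabled-pe", "properties": {"publicNetworkAccess": "Enabled",
   "privateEndpointConnections": [{"name": "pe-2"}]}},
 {"name": "swa-disabled", "properties": {"publicNetworkAccess": "Disabled",
   "privateEndpointConnections": []}},
 {"name": "swa-enabled-nope", "properties": {"publicNetworkAccess": "Enabled",
   "privateEndpointConnections": []}}
]
""")


def has_private_endpoint(site):
    """True when the resource lists at least one private endpoint connection."""
    return bool(site.get("properties", {}).get("privateEndpointConnections"))


def publicly_reachable(site):
    """Effective public access under the behavior the issue describes.

    Assumption taken from the issue text: an unset (null or empty) value
    defers to whether a private endpoint exists.
    """
    setting = site.get("properties", {}).get("publicNetworkAccess") or None
    if setting is None:
        return not has_private_endpoint(site)
    if setting not in ("Enabled", "Disabled"):
        raise ValueError(f"unexpected publicNetworkAccess: {setting!r}")
    return setting == "Enabled"


def audit(sites):
    """Names of sites that have a private endpoint yet stay publicly reachable."""
    return [s["name"] for s in sites
            if has_private_endpoint(s) and publicly_reachable(s)]


if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: private endpoint present, public access explicitly Enabled")
```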
