Terraform Azure App Service - ip_restriction


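I am trying to set up an IP restriction block in my Azure App Service app.

When running terraform plan or apply, I receive the following error: Error: azurerm_app_service.app-service-1: : invalid or unknown key: ip_restriction

I used ip_restriction per the Terraform documentation for the App Service (Web App) resource.

Here is the AppService deployment code I am using: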

resource "azurerm_app_service" "app-service-1" {
  name                    = "${var.app_service_1}"
  location                = "${data.azurerm_resource_group.core-rg.location}"
  resource_group_name     = "${data.azurerm_resource_group.core-rg.name}"
  app_service_plan_id     = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
  https_only              = "True"
  enabled                 = "True"
  client_affinity_enabled = "True"

  site_config {
    always_on                 = "True"
    #default_documents        = ""
    dotnet_framework_version  = "v4.0"
    #http2_enabled            = ""
    #ip_restriction           = ""
    #java_version             = ""
    #java_container           = ""
    #java_container_version   = ""
    managed_pipeline_mode     = "Integrated"
    min_tls_version           = "1.2"
    #php_version              = ""
    #python_version           = ""
    remote_debugging_enabled  = "False"
    #remote_debugging_version = ""
    scm_type                  = "None"
    use_32_bit_worker_process = "False"
    websockets_enabled        = "True"
    #ftps_state               = ""
  }

  app_settings {
    "KeyVaultURI" = ""
    "WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
  }

  ip_restriction {
    "ip_address" = ""
  }
}

Thanks

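So you have a syntax error. As I have learned over the past year, these docs can be confusing to read. If you read the section above, you will see it calls for one or more. That means it needs an array.

There is also a section in the docs that tells you it needs an object in the array with ip address and subnet mask properties. That is

So, to fix your problem, you need the following ip_restriction: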

ip_restriction = [
    {
        ip_address = "10.0.0.0"
    }
]

Hope this helps.

For those interested, here is how to use ipRestrictions in Terraform.

ip restrictions are part of site_config {}

See below for how to use it:

AppService.tf:

resource "azurerm_app_service" "app-service-1" {
  name                    = "${var.app_service_1}"
  location                = "${data.azurerm_resource_group.core-rg.location}"
  resource_group_name     = "${data.azurerm_resource_group.core-rg.name}"
  app_service_plan_id     = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
  https_only              = "True"
  enabled                 = "True"
  client_affinity_enabled = "True"
  site_config {
    always_on                 = "True"
    #default_documents        = ""
    dotnet_framework_version  = "v4.0"
    #http2_enabled            = ""
    #ip_restriction           = ""
    #java_version             = ""
    #java_container           = ""
    #java_container_version   = ""
    managed_pipeline_mode     = "Integrated"
    min_tls_version           = "1.2"
    #php_version              = ""
    #python_version           = ""
    remote_debugging_enabled  = "False"
    #remote_debugging_version = ""
    scm_type                  = "None"
    use_32_bit_worker_process = "False"
    websockets_enabled        = "True"
    #ftps_state               = ""
    ip_restriction {
      ip_address  = "${var.ip_address_1}"
    }
    ip_restriction {
      ip_address  = "${var.ip_address_2}"
    }
    ip_restriction {
      ip_address  = "${var.ip_address_3}"
    }
  }
  app_settings {
    "KeyVaultURI" = ""
    "WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
  }
}

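@jamies's answer is unfortunately incorrect. ip_restriction is not a list, it is a repeatable block.

@gvazzana has the correct format. However, there is a gotcha, which will cause the error you are seeing.

In Tf we are used to typing IP addresses in full CIDR format, e.g. 10.23.97.201/23 or 192.68.50.0/24, and the Azure portal even displays them this way for this section.

But for this particular block, in Terraform, you have to do it the old-fashioned way. For example: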

site_config {
  # For a single IP address
  ip_restriction {
    ip_address = "81.145.174.78"
  }
  # For an address range
  ip_restriction {
    ip_address  = "10.240.101.0"
    subnet_mask = "255.255.255.0"
  }
}
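
If you have a long list of addresses and ranges, this is of course a pain.

Now that terraform version 0.12.0 is out, we should be able to take advantage of the new dynamic block style and the cidrhost and cidrmask functions to simplify things.

For example:

Tested
Terraform v0.12.13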
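
The dynamic-block approach this answer describes, written out as an added example (not part of the original post). It assumes Terraform 0.12 or later and a provider version whose ip_restriction block takes ip_address and subnet_mask separately, as in the answer above; the variable names and sample CIDR ranges are constructed for illustration.

```hcl
# Added example for Terraform >= 0.12; all variable names are hypothetical.
variable "app_service_name" { type = string }
variable "location" { type = string }
variable "resource_group_name" { type = string }
variable "app_service_plan_id" { type = string }

# Constructed sample ranges (documentation address space).
variable "allowed_cidrs" {
  type    = list(string)
  default = ["203.0.113.10/32", "198.51.100.0/24"]
}

resource "azurerm_app_service" "app-service-1" {
  name                = var.app_service_name
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id
  https_only          = true

  site_config {
    min_tls_version = "1.2"

    # Emits one ip_restriction block per entry in var.allowed_cidrs.
    dynamic "ip_restriction" {
      for_each = var.allowed_cidrs
      content {
        # Network address of the prefix: "198.51.100.0/24" -> "198.51.100.0"
        ip_address = cidrhost(ip_restriction.value, 0)
        # Dotted-decimal mask of the prefix: "/24" -> "255.255.255.0"
        subnet_mask = cidrnetmask(ip_restriction.value)
      }
    }
  }
}

# Shows the address/mask pairs the dynamic block produces, for review in plan output.
output "expanded_ip_restrictions" {
  value = [
    for c in var.allowed_cidrs : {
      ip_address  = cidrhost(c, 0)
      subnet_mask = cidrnetmask(c)
    }
  ]
}
```

A host address written with a prefix, such as 10.23.97.201/23, is normalized by cidrhost(..., 0) to its network address 10.23.96.0, so review the output before applying to confirm the allowed range is the one intended.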

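I think you need to assign a value to ip_address. What happens when you put a valid IP address in there?

Yes, I have an IP in there; I removed it for this post. The error I receive from Terraform Apply claims "invalid or unknown key: ip_restriction", as if it were not a supported command in Terraform; please show the Terraform documentation.

Has anyone successfully used ip_restriction { "ip_address" = "1.2.3.4" }? The documentation states subnetmask is optional, but first we need Terraform to recognize ip_restriction as a valid command. Any ideas?

Thank you for the information. It is indeed confusing, and almost contradicts the information from Terraform! I believe this will resolve the issue. Thanks again!

If this answered your question, please be sure to mark it as the answer, as that will help others know.

I finally got a chance to try this live, and it does not accept that format. Error: azurerm_app_service.app-service-1: : invalid or unknown key: ip_restriction

Thanks, very good information. Switching from v11 to tf v12 will be very difficult. So many changes will have to happen and will break code, I'm sure!

Exactly what I needed! Except I think the function for the subnet mask needs to be cidrnetmask(…). I couldn't get it to work unless I changed it like this:

content {
  ip_address = cidrhost(ip_restriction.value, 0)
  subnet_id  = cidrnetmask(ip_restriction.value)
}

I found it in . ip_address must be in CIDR notation; you can't set a name or set an IP6 address, which is a pity.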