-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update various files to not set SiteConfig.PublicNetworkAccess. #25794
base: main
Are you sure you want to change the base?
Conversation
@pauldotknopf - I am seeing this same issue on the azurerm_logic_app_standard resource. Will this PR address that or should I raise an new issue (This PR was the only thing I could find when looking for the error) |
@Mechanolatry The squeaky wheel get's the grease. I'd suggest creating a new PR for it, maybe the maintainers will consolidate them. |
This fix is present in many of resources due to previous Azure API behaviour. |
Latest Azure API changes throws errors if this setting is present in both locations: performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with response: {"Code":"BadRequest","Message":"There was a conflict. SiteConfig.PublicNetworkAccess cannot be modified. Please modify the Site.PublicNetworkAccess property.","Target":null,"Details":[{"Message":"There was a conflict. SiteConfig.PublicNetworkAccess cannot be modified. Please modify the Site.PublicNetworkAccess property."},{"Code":"BadRequest"},{"ErrorEntity":{"ExtendedCode":"01020","MessageTemplate":"There was a conflict. {0}","Parameters":["SiteConfig.PublicNetworkAccess cannot be modified. Please modify the Site.PublicNetworkAccess property."],"Code":"BadRequest","Message":"There was a conflict. SiteConfig.PublicNetworkAccess cannot be modified. Please modify the Site.PublicNetworkAccess property."}}],"Innererror":null}
@Apokalypt @Mechanolatry I've updated the various locations. I'm unsure about how to change |
Really needing this. Is there a timeline on when this will be merged? |
We are looking to have this PR merged. Thanks @pauldotknopf for making the change! |
We're experiencing a similar issue with the other property they've removed |
This change needs to be made for Logic Apps too, I believe it to be the same cause for Logic App which configure site_config, please see #25891 |
We started rolling out this change to ensure Azure policy compliance with specific network related settings (Improving App Service networking configuration control). We found that Terraform is primarily using the SiteConfig versions of the properties (vnetRouteAllEnabled and publicNetworkAccess) and in some cases do not have support for setting the Site properties. |
Are you able to share the Azure regions where this change has not been made yet? thank you! |
We have disabled the change in all regions for now to ensure TF users will not be impacted. We are working with the team to find a way forward without impacting TF users. Let me know if you still see issues (region/site name). |
@madsd Is the rollback complete? I just ran Logic App creation and still get same error (that is a custom tenant):
|
Should be - would you mind sending me the site name in an email and I'll have engineering look at the cause: madsd[at]microsoft.com |
We are still facing this issue. In my case, the Logic App is running in the ASE v3 - East US region. Is rollback paused for Logic App APIs too? |
RE Standard Logic Apps: Initial deploy with any configurations on |
Hi, I tried to create std logic app today using the latest azurerm TF provider version (3.105.0) and it is still failing with the same error - "There was a conflict. SiteConfig.PublicNetworkAccess cannot be set by itself. Please use the Site.PublicNetworkAccess property" |
Latest Azure API changes throws errors if this setting is present in both locations:
Community Note
Description
PR Checklist
For example: “
resource_name_here
- description of change e.g. adding propertynew_property_name_here
”Changes to existing Resource / Data Source
Testing
Change Log
Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.
azurerm_resource
- support for thething1
property [GH-00000]This is a (please select all that apply):