Problem
A breaking change was released in AzureRM v3.49.0 for the App Service resource site_config block.
ip_restrictionblocks are no longer computed - changes to IP restrictions outside of Terraform will now present a diff.scm_ip_restrictionblocks are no longer computed - changes to SCM IP restrictions outside of Terraform will now present a diff.
This may produce the following error if the Terraform code is using a list syntax for the site_config block.
Error: Unsupported argument
│ on main.tf line 27, in resource "azurerm_windows_web_app" "web_app":
│ 27: ip_restriction = [
│ An argument named "ip_restriction" is not expected here. Did you mean to
│ define a block of type "ip_restriction"?
Solutions:
If a list syntax is used then the provider will now require a dynamic block .
Example
dynamic "ip_restriction" {
for_each = var.ip_restrictions
content {
ip_address = ip_restriction.ip_address
name = ip_restriction.name
priority = ip_restriction.priority
action = ip_restriction.action
virtual_network_subnet_id = ip_restriction.virtual_network_subnet_id
service_tag = ip_restriction.service_tag
headers = [
for headers in ip_restriction.headers : {
x_azure_fdid = headers.x_azure_fdid
x_fd_health_probe = headers.x_fd_health_probe
x_forwarded_for = headers.x_forwarded_for
x_forwarded_host = headers.x_forwarded_host
}
]
}
}
dynamic "scm_ip_restriction" {
for_each = var.scm_ip_restriction
content {
ip_address = scm_ip_restriction.ip_address
service_tag = scm_ip_restriction.service_tag
virtual_network_subnet_id = scm_ip_restriction.virtual_network_subnet_id
name = scm_ip_restriction.name
priority = scm_ip_restriction.priority
action = scm_ip_restriction.action
headers = [
for headers in scm_ip_restriction.headers : {
x_azure_fdid = headers.x_azure_fdid
x_fd_health_probe = headers.x_fd_health_probe
x_forwarded_for = headers.x_forwarded_for
x_forwarded_host = headers.x_forwarded_host
}
]
}
}