Dynamic Priority change when adding multiple IP Restriction for App Services on Azure using terraform

Question

I'm looking a solution for changing the priority on a dynamic "ip_restriction" the code that I use is

variable "ip_address_list" { 
  type = list 
  default = ["20.20.20.3/32" , "10.10.10.2/32"] 
}

site_config {
  dynamic "ip_restriction" {
for_each = var.ip_address_list
  content {
    ip_address  = cidrhost(ip_restriction.value, 0)
    action                    = "Allow"
    priority                  = 100
  }
}

When using this code I got the following output

• ip_restriction= [
• {
• action= "Allow"
• headers= (known after apply)
• ip_address= "20.20.20.3"
• name= (known after apply)
• priority= 100
• service_tag= null
• virtual_network_subnet_id = null },
• {
• action= "Allow"
• headers= (known after apply)
• ip_address= "10.10.10.2"
• name= (known after apply)
• priority= 100
• service_tag= null
• virtual_network_subnet_id = null }, ]

Answer 1

You can use something like this:

locals {
 ip_address_list = [
           {     
                  ip_add : "20.20.20.3/32",
                  prior : "100"
            },
            {     
                 ip_add : "10.10.10.2/32",
                 prior : "101"
            }
     ]
}

and then

  site_config {
  dynamic "ip_restriction" {
for_each = local.ip_address_list
  content {
    ip_address  = ip_restriction.value["ip_add"]
    action                    = "Allow"
    priority                  = ip_restriction.value["prior"]
  }
}

Output:

Note: Instead of declaring the variables you can declare the locals as given above and then use the site config block provided above.

Update: As per this Github issue @martinjt commented that it expects ipadd/32 as the subnet mask is not included in new versions . So, changed the above code by removing the cidrhost and did a apply it got deployed successfully.

Error: with cidrhost

After removing the cidrhost