How to handle empty list for dynamic block

This is regarding an Azure resource, app_service, but I think it’s a more general HCL question…

You can specify IP restrictions to an app_service using a dynamic block e.g.

# Source addresses allowed to reach the app service; the dynamic
# "ip_restriction" block iterates over this list, one entry per element.
locals {
  ip_addresses = ["192.168.250.1"]
}

# Resource group referenced by the example plan and app service.
resource "azurerm_resource_group" "example" {
  location = "West Europe"
  name     = "example-resources"
}

# Standard/S1 plan; the app service attaches to it through app_service_plan_id.
resource "azurerm_app_service_plan" "example" {
  name                = "example-appserviceplan"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  sku {
    size = "S1"
    tier = "Standard"
  }
}

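# App service whose inbound access is limited to the addresses listed in
# local.ip_addresses.
resource "azurerm_app_service" "example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  site_config {
    dotnet_framework_version = "v4.0"
    scm_type                 = "LocalGit"

    # ip_restriction is an argument of site_config, so the dynamic block has to
    # be nested here rather than at the top level of the resource.
    #
    # When local.ip_addresses is empty this generates no ip_restriction blocks
    # at all, which is not the same as assigning `ip_restriction = []`: rules
    # that already exist on the app are not removed by an empty for_each.
    #
    # NOTE(review): these rules cover the main site. The SCM/Kudu endpoint used
    # by LocalGit deployments has its own restriction list (scm_ip_restriction /
    # scm_use_main_ip_restriction, where the provider version supports them) -
    # confirm it is restricted as well.
    dynamic "ip_restriction" {
      for_each = toset(local.ip_addresses)
      content {
        # Inside a dynamic block the iterator is named after the block label;
        # `each` is only defined for a resource-level for_each.
        ip_address = ip_restriction.value
      }
    }
  }

  app_settings = {
    "SOME_KEY" = "some-value"
  }

  # This example string carries no credential (integrated authentication). A
  # connection string that includes a password should come from a sensitive
  # variable or a secret store instead of a literal in the configuration.
  connection_string {
    name  = "Database"
    type  = "SQLServer"
    value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
  }
}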

However, to remove the restrictions you need to explicitly assign ip_restriction to the empty list, i.e.

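resource "azurerm_app_service" "example" {
  ...

  site_config {
    # ip_restriction is an argument of site_config. Assigning the explicit
    # empty list removes every access restriction, so the app then accepts
    # traffic from any source address.
    ip_restriction = []
  }
}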

What I don’t see is how to do this conditionally: if I make two resources and make each of them conditional, my app_service will be created/destroyed, whereas I need it updated in place.

Ideas?

Hi @phatcher,
did you try using null instead of []?

Had an answer on StackOverflow

Basically, you need to use the Attributes as Blocks syntax, as per the answer; I’ve included it here for reference.

# Access-restriction rules for the app service, one object per rule.
#
# The default is an empty list, so unless a caller supplies rules no IP
# restriction is applied. The commented-out entries show the shape of a rule;
# every attribute is listed, with null for the ones that are not used.
variable "ip_restrictions" {
  default = [
    # {
    #   ip_address                = "1.1.1.1/32"
    #   virtual_network_subnet_id = null
    #   subnet_id                 = null
    #   name                      = "aaa"
    #   priority                  = 110
    #   action                    = "Allow"
    # },
    # {
    #   ip_address                = "2.2.2.2/32"
    #   virtual_network_subnet_id = null
    #   subnet_id                 = null
    #   name                      = "bbb"
    #   priority                  = 112
    #   action                    = "Allow"
    # },
  ]
}


# App service whose access restrictions are built from var.ip_restrictions
# using attribute syntax instead of a dynamic block.
resource "azurerm_app_service" "example" {
  name                = "nn-example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  site_config {
    # The for expression always yields a list. With var.ip_restrictions = []
    # it evaluates to an explicit empty list, which removes all restrictions
    # in place - the app is then reachable from any source address.
    ip_restriction = [
      for rule in var.ip_restrictions : {
        ip_address                = rule.ip_address
        virtual_network_subnet_id = rule.virtual_network_subnet_id
        subnet_id                 = rule.subnet_id
        name                      = rule.name
        priority                  = rule.priority
        action                    = rule.action
      }
    ]
  }
}