diff --git a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/ContainerApps.json b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/ContainerApps.json index 9894d96bd5ae..87a958542ec8 100644 --- a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/ContainerApps.json +++ b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/ContainerApps.json @@ -641,6 +641,16 @@ "allowInsecure": { "description": "Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections", "type": "boolean" + }, + "ipSecurityRestrictions": { + "description": "Rules to restrict incoming IP address.", + "type": "array", + "items": { + "$ref": "#/definitions/IpSecurityRestrictionRule" + }, + "x-ms-identifiers": [ + "name" + ] } } }, @@ -756,6 +766,41 @@ } } }, + "IpSecurityRestrictionRule": { + "description": "Rule to restrict incoming IP address.", + "type": "object", + "required": [ + "name", + "ipAddressRange", + "action" + ], + "properties": { + "name": { + "description": "Name for the IP restriction rule.", + "type": "string" + }, + "description": { + "description": "Describe the IP restriction rule that is being sent to the container-app. This is an optional field.", + "type": "string" + }, + "ipAddressRange": { + "description": "CIDR notation to match incoming IP address", + "type": "string" + }, + "action": { + "description": "Allow or Deny rules to determine for incoming IP. Note: Rules can only consist of ALL Allow or ALL Deny", + "enum": [ + "Allow", + "Deny" + ], + "type": "string", + "x-ms-enum": { + "name": "action", + "modelAsString": true + } + } + } + }, "CustomHostnameAnalysisResult": { "description": "Custom domain analysis.", "type": "object", diff --git a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_CreateOrUpdate.json b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_CreateOrUpdate.json index 538658bd88b5..61a37c40e20b 100644 --- a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_CreateOrUpdate.json +++ b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_CreateOrUpdate.json @@ -30,6 +30,20 @@ "revisionName": "testcontainerApp0-ab1234", "label": "production" } + ], + "ipSecurityRestrictions": [ + { + "name": "Allow work IP A subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/32", + "action": "Allow" + }, + { + "name": "Allow work IP B subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/8", + "action": "Allow" + } ] }, "dapr": { @@ -122,6 +136,20 @@ "revisionName": "testcontainerApp0-ab4321", "label": "staging" } + ], + "ipSecurityRestrictions": [ + { + "name": "Allow work IP A subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/32", + "action": "Allow" + }, + { + "name": "Allow work IP B subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/8", + "action": "Allow" + } ] }, "dapr": { diff --git a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Get.json b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Get.json index d48160502b2f..28b0449e1e9b 100644 --- a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Get.json +++ b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Get.json @@ -45,6 +45,20 @@ "revisionName": "testcontainerApp0-ab4321", "label": "staging" } + ], + "ipSecurityRestrictions": [ + { + "name": "Allow work IP A subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/32", + "action": "Allow" + }, + { + "name": "Allow work IP B subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/8", + "action": "Allow" + } ] }, "dapr": { diff --git a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListByResourceGroup.json b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListByResourceGroup.json index 93204d1cf0f0..084f8d835f39 100644 --- a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListByResourceGroup.json +++ b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListByResourceGroup.json @@ -46,6 +46,20 @@ "revisionName": "testcontainerApp0-ab4321", "label": "staging" } + ], + "ipSecurityRestrictions": [ + { + "name": "Allow work IP A subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/32", + "action": "Allow" + }, + { + "name": "Allow work IP B subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/8", + "action": "Allow" + } ] }, "dapr": { diff --git a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListBySubscription.json b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListBySubscription.json index 7a5d0252899b..7138b918f35c 100644 --- a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListBySubscription.json +++ b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_ListBySubscription.json @@ -45,6 +45,20 @@ "revisionName": "testcontainerApp0-ab4321", "label": "staging" } + ], + "ipSecurityRestrictions": [ + { + "name": "Allow work IP A subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/32", + "action": "Allow" + }, + { + "name": "Allow work IP B subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/8", + "action": "Allow" + } ] }, "dapr": { diff --git a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Patch.json b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Patch.json index b7e19ec6d042..559cf28e79d4 100644 --- a/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Patch.json +++ b/specification/app/resource-manager/Microsoft.App/preview/2022-06-01-preview/examples/ContainerApps_Patch.json @@ -33,6 +33,20 @@ "revisionName": "testcontainerApp0-ab1234", "label": "production" } + ], + "ipSecurityRestrictions": [ + { + "name": "Allow work IP A subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/32", + "action": "Allow" + }, + { + "name": "Allow work IP B subnet", + "description": "Allowing all IP's within the subnet below to access containerapp", + "ipAddressRange": "192.168.1.1/8", + "action": "Allow" + } ] }, "dapr": {