From 3af7b4d68f9d40df68e737e77fd4241e9b29cd45 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Fri, 10 Nov 2023 17:11:56 +1100 Subject: [PATCH 1/5] update Web Site Basic Publishing Cred Policies --- modules/web/site/README.md | 26 +++++++++++++++++++ .../README.md | 8 ++++++ .../main.bicep | 5 +++- .../e2e/functionAppCommon/main.test.bicep | 10 +++++++ .../tests/e2e/webAppCommon/main.test.bicep | 2 ++ 5 files changed, 50 insertions(+), 1 deletion(-) diff --git a/modules/web/site/README.md b/modules/web/site/README.md index 201862080b..01f8e38e34 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -125,6 +125,16 @@ module site 'br:bicep/modules/web.site:1.0.0' = { runtimeVersion: '~1' } } + basicPublishingCredentialsPolicies: [ + { + allow: false + name: 'ftp' + } + { + allow: false + name: 'scm' + } + ] diagnosticSettings: [ { eventHubAuthorizationRuleResourceId: '' @@ -285,6 +295,18 @@ module site 'br:bicep/modules/web.site:1.0.0' = { } } }, + "basicPublishingCredentialsPolicies": { + "value": [ + { + "allow": false, + "name": "ftp" + }, + { + "allow": false, + "name": "scm" + } + ] + }, "diagnosticSettings": { "value": [ { @@ -450,9 +472,11 @@ module site 'br:bicep/modules/web.site:1.0.0' = { // Non-required parameters basicPublishingCredentialsPolicies: [ { + allow: true name: 'ftp' } { + allow: true name: 'scm' } ] @@ -604,9 +628,11 @@ module site 'br:bicep/modules/web.site:1.0.0' = { "basicPublishingCredentialsPolicies": { "value": [ { + "allow": true, "name": "ftp" }, { + "allow": true, "name": "scm" } ] diff --git a/modules/web/site/basic-publishing-credentials-policy/README.md b/modules/web/site/basic-publishing-credentials-policy/README.md index 59fe52102c..a9053430a5 100644 --- a/modules/web/site/basic-publishing-credentials-policy/README.md +++ b/modules/web/site/basic-publishing-credentials-policy/README.md @@ -33,9 +33,17 @@ This module deploys a Web Site Basic Publishing Credentials Policy. | Parameter | Type | Description | | :-- | :-- | :-- | +| [`allow`](#parameter-allow) | bool | Set to true to allow access to or false to diable a publishing method. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | +### Parameter: `allow` + +Set to true to allow access to or false to diable a publishing method. +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). diff --git a/modules/web/site/basic-publishing-credentials-policy/main.bicep b/modules/web/site/basic-publishing-credentials-policy/main.bicep index c30cc79dc4..aa5f10ad0e 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.bicep +++ b/modules/web/site/basic-publishing-credentials-policy/main.bicep @@ -9,6 +9,9 @@ metadata owner = 'Azure/module-maintainers' ]) param name string +@sys.description('Optional. Set to true to allow access to or false to diable a publishing method.') +param allow bool = true + @sys.description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.') param webAppName string @@ -39,7 +42,7 @@ resource basicPublishingCredentialsPolicy 'Microsoft.Web/sites/basicPublishingCr location: location parent: webApp properties: { - allow: true + allow: allow } } diff --git a/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep b/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep index 9219cb3ccf..aa00720f81 100644 --- a/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep +++ b/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep @@ -140,6 +140,16 @@ module testDeployment '../../../main.bicep' = { runtimeVersion: '~1' } } + basicPublishingCredentialsPolicies: [ + { + name: 'ftp' + allow: false + } + { + name: 'scm' + allow: false + } + ] diagnosticSettings: [ { name: 'customSetting' diff --git a/modules/web/site/tests/e2e/webAppCommon/main.test.bicep b/modules/web/site/tests/e2e/webAppCommon/main.test.bicep index ddf1838032..93c0fbb5e8 100644 --- a/modules/web/site/tests/e2e/webAppCommon/main.test.bicep +++ b/modules/web/site/tests/e2e/webAppCommon/main.test.bicep @@ -179,9 +179,11 @@ module testDeployment '../../../main.bicep' = { basicPublishingCredentialsPolicies: [ { name: 'ftp' + allow: true } { name: 'scm' + allow: true } ] From 3b1b3cb9183e5610617644fce4d6858adaf793fa Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Fri, 10 Nov 2023 17:27:13 +1100 Subject: [PATCH 2/5] fix ARM json template --- .../basic-publishing-credentials-policy/main.json | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/web/site/basic-publishing-credentials-policy/main.json b/modules/web/site/basic-publishing-credentials-policy/main.json index fb7d1f7388..f65f8d032d 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.json +++ b/modules/web/site/basic-publishing-credentials-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "5305729672150633375" + "version": "0.23.1.45101", + "templateHash": "12265634131995953652" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", @@ -22,6 +22,13 @@ "description": "Required. The name of the resource." } }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to allow access to or false to diable a publishing method." + } + }, "webAppName": { "type": "string", "metadata": { @@ -64,7 +71,7 @@ "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { - "allow": true + "allow": "[parameters('allow')]" } } ], From 79e255cd71975d52c6cec905d502fc160bdc4bfc Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Fri, 10 Nov 2023 17:35:51 +1100 Subject: [PATCH 3/5] update website arm template --- modules/web/site/main.json | 61 +++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 27 deletions(-) diff --git a/modules/web/site/main.json b/modules/web/site/main.json index 72f1e89be2..4358ab448c 100644 --- a/modules/web/site/main.json +++ b/modules/web/site/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "3962832552855663187" + "version": "0.23.1.45101", + "templateHash": "18196957481129520546" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -884,8 +884,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12140652943143922490" + "version": "0.23.1.45101", + "templateHash": "12410494471478708764" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting.", @@ -1029,8 +1029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "1120403064106188130" + "version": "0.23.1.45101", + "templateHash": "15667145082226037238" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -1204,8 +1204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "842322474793993092" + "version": "0.23.1.45101", + "templateHash": "17728495950787678705" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -2080,8 +2080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13223616826795830599" + "version": "0.23.1.45101", + "templateHash": "10562313393461278954" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -2235,8 +2235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16157844933162881953" + "version": "0.23.1.45101", + "templateHash": "13215271953171449159" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -2369,8 +2369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "11888981629758921842" + "version": "0.23.1.45101", + "templateHash": "299894459930368764" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", @@ -2550,8 +2550,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" + "version": "0.23.1.45101", + "templateHash": "6873008238043407177" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2953,8 +2953,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" + "version": "0.23.1.45101", + "templateHash": "17578977753131828304" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -3168,8 +3168,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "5305729672150633375" + "version": "0.23.1.45101", + "templateHash": "12265634131995953652" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", @@ -3186,6 +3186,13 @@ "description": "Required. The name of the resource." } }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to allow access to or false to diable a publishing method." + } + }, "webAppName": { "type": "string", "metadata": { @@ -3228,7 +3235,7 @@ "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { - "allow": true + "allow": "[parameters('allow')]" } } ], @@ -3299,8 +3306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "10458383238656360850" + "version": "0.23.1.45101", + "templateHash": "14574905385050050440" }, "name": "Web/Function Apps Hybrid Connection Relay", "description": "This module deploys a Site Hybrid Connection Namespace Relay.", @@ -3473,8 +3480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" + "version": "0.23.1.45101", + "templateHash": "6873008238043407177" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3876,8 +3883,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" + "version": "0.23.1.45101", + "templateHash": "17578977753131828304" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", From 2bf5c2186ce1b13da42baf3c7373afbc1df9549f Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Fri, 10 Nov 2023 21:22:41 +0000 Subject: [PATCH 4/5] Update modules/web/site/basic-publishing-credentials-policy/main.bicep Co-authored-by: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> --- modules/web/site/basic-publishing-credentials-policy/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/web/site/basic-publishing-credentials-policy/main.bicep b/modules/web/site/basic-publishing-credentials-policy/main.bicep index aa5f10ad0e..dd55286295 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.bicep +++ b/modules/web/site/basic-publishing-credentials-policy/main.bicep @@ -9,7 +9,7 @@ metadata owner = 'Azure/module-maintainers' ]) param name string -@sys.description('Optional. Set to true to allow access to or false to diable a publishing method.') +@sys.description('Optional. Set to true to enable or false to disable a publishing method.') param allow bool = true @sys.description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.') From 496f6fbf79002c76d03bd91dca3e35b2b25a26cf Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Sat, 11 Nov 2023 08:38:26 +1100 Subject: [PATCH 5/5] update parameter description --- .../web/site/basic-publishing-credentials-policy/README.md | 4 ++-- .../web/site/basic-publishing-credentials-policy/main.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/web/site/basic-publishing-credentials-policy/README.md b/modules/web/site/basic-publishing-credentials-policy/README.md index a9053430a5..a442531e1e 100644 --- a/modules/web/site/basic-publishing-credentials-policy/README.md +++ b/modules/web/site/basic-publishing-credentials-policy/README.md @@ -33,13 +33,13 @@ This module deploys a Web Site Basic Publishing Credentials Policy. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`allow`](#parameter-allow) | bool | Set to true to allow access to or false to diable a publishing method. | +| [`allow`](#parameter-allow) | bool | Set to true to enable or false to disable a publishing method. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | ### Parameter: `allow` -Set to true to allow access to or false to diable a publishing method. +Set to true to enable or false to disable a publishing method. - Required: No - Type: bool - Default: `True` diff --git a/modules/web/site/basic-publishing-credentials-policy/main.json b/modules/web/site/basic-publishing-credentials-policy/main.json index f65f8d032d..2c3ec469f0 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.json +++ b/modules/web/site/basic-publishing-credentials-policy/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "12265634131995953652" + "templateHash": "12054216906297236281" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", @@ -26,7 +26,7 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Set to true to allow access to or false to diable a publishing method." + "description": "Optional. Set to true to enable or false to disable a publishing method." } }, "webAppName": {