diff --git a/modules/web/site/README.md b/modules/web/site/README.md index 01f8e38e34..491ed806e0 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -25,6 +25,7 @@ This module deploys a Web or Function App. | `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | | `Microsoft.Web/sites/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/hybridConnectionNamespaces/relays) | | `Microsoft.Web/sites/slots` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots) | +| `Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | | `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | | `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) | @@ -472,11 +473,11 @@ module site 'br:bicep/modules/web.site:1.0.0' = { // Non-required parameters basicPublishingCredentialsPolicies: [ { - allow: true + allow: false name: 'ftp' } { - allow: true + allow: false name: 'scm' } ] @@ -545,6 +546,16 @@ module site 'br:bicep/modules/web.site:1.0.0' = { } slots: [ { + basicPublishingCredentialsPolicies: [ + { + allow: false + name: 'ftp' + } + { + allow: false + name: 'scm' + } + ] diagnosticSettings: [ { eventHubAuthorizationRuleResourceId: '' @@ -592,6 +603,14 @@ module site 'br:bicep/modules/web.site:1.0.0' = { } } { + basicPublishingCredentialsPolicies: [ + { + name: 'ftp' + } + { + name: 'scm' + } + ] name: 'slot2' } ] 
@@ -628,11 +647,11 @@ module site 'br:bicep/modules/web.site:1.0.0' = { "basicPublishingCredentialsPolicies": { "value": [ { - "allow": true, + "allow": false, "name": "ftp" }, { - "allow": true, + "allow": false, "name": "scm" } ] @@ -725,6 +744,16 @@ module site 'br:bicep/modules/web.site:1.0.0' = { "slots": { "value": [ { + "basicPublishingCredentialsPolicies": [ + { + "allow": false, + "name": "ftp" + }, + { + "allow": false, + "name": "scm" + } + ], "diagnosticSettings": [ { "eventHubAuthorizationRuleResourceId": "", @@ -772,6 +801,14 @@ module site 'br:bicep/modules/web.site:1.0.0' = { } }, { + "basicPublishingCredentialsPolicies": [ + { + "name": "ftp" + }, + { + "name": "scm" + } + ], "name": "slot2" } ] diff --git a/modules/web/site/main.bicep b/modules/web/site/main.bicep index e6b77ab84f..6803c41fc8 100644 --- a/modules/web/site/main.bicep +++ b/modules/web/site/main.bicep @@ -268,6 +268,7 @@ module app_slots 'slot/main.bicep' = [for (slot, index) in slots: { diagnosticSettings: slot.?diagnosticSettings roleAssignments: contains(slot, 'roleAssignments') ? slot.roleAssignments : roleAssignments appSettingsKeyValuePairs: contains(slot, 'appSettingsKeyValuePairs') ? slot.appSettingsKeyValuePairs : appSettingsKeyValuePairs + basicPublishingCredentialsPolicies: contains(slot, 'basicPublishingCredentialsPolicies') ? slot.basicPublishingCredentialsPolicies : basicPublishingCredentialsPolicies lock: slot.?lock ?? lock privateEndpoints: contains(slot, 'privateEndpoints') ? slot.privateEndpoints : privateEndpoints tags: slot.?tags ?? tags 
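Review bot: The added `basicPublishingCredentialsPolicies` line in `app_slots` picks either the slot's list or the site's list as a whole, so a slot that lists only `ftp` gets no `scm` policy resource from this module, even when the site-level list sets `scm` to `allow: false`. That is easy to miss when a slot is meant to tighten one method only, so I would add a comment above the line such as `// A slot-level list replaces the site-level list entirely; list every method the slot should govern.` As a style point, the neighbouring `lock` and `tags` lines use the safe-dereference form, and this line could match them with `basicPublishingCredentialsPolicies: slot.?basicPublishingCredentialsPolicies ?? basicPublishingCredentialsPolicies`. The `app_slots` module body starts and ends outside this hunk.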
@@ -291,10 +292,11 @@ module app_slots 'slot/main.bicep' = [for (slot, index) in slots: { }] module app_basicPublishingCredentialsPolicies 'basic-publishing-credentials-policy/main.bicep' = [for (basicPublishingCredentialsPolicy, index) in basicPublishingCredentialsPolicies: { - name: '${uniqueString(deployment().name, location)}-Site-Publis-Cred-${index}' + name: '${uniqueString(deployment().name, location)}-Site-Publish-Cred-${index}' params: { webAppName: app.name name: basicPublishingCredentialsPolicy.name + allow: contains(basicPublishingCredentialsPolicy, 'allow') ? basicPublishingCredentialsPolicy.allow : null enableDefaultTelemetry: enableReferencedModulesTelemetry } }] diff --git a/modules/web/site/main.json b/modules/web/site/main.json index 4358ab448c..45a572bcb1 100644 --- a/modules/web/site/main.json +++ b/modules/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "18196957481129520546" + "templateHash": "8496123525886789404" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", 
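Review bot: In `app_basicPublishingCredentialsPolicies`, an entry that omits `allow` is forwarded as `null`, which presumably falls back to the child module's default, and the policy templates in this change declare `allow` with a default of `true`. An entry such as `{ name: 'ftp' }` therefore appears to deploy the policy with basic-auth publishing enabled, which is the opposite of what a reader listing the method under a "credentials policy" may expect. If a behaviour change is acceptable, fail closed with `allow: basicPublishingCredentialsPolicy.?allow ?? false`; otherwise state the fallback in the parameter description. The same expression is added in `slot_basicPublishingCredentialsPolicies` in `modules/web/site/slot/main.bicep` and needs the same decision.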
@@ -1173,6 +1173,7 @@ }, "roleAssignments": "[if(contains(parameters('slots')[copyIndex()], 'roleAssignments'), createObject('value', parameters('slots')[copyIndex()].roleAssignments), createObject('value', parameters('roleAssignments')))]", "appSettingsKeyValuePairs": "[if(contains(parameters('slots')[copyIndex()], 'appSettingsKeyValuePairs'), createObject('value', parameters('slots')[copyIndex()].appSettingsKeyValuePairs), createObject('value', parameters('appSettingsKeyValuePairs')))]", + "basicPublishingCredentialsPolicies": "[if(contains(parameters('slots')[copyIndex()], 'basicPublishingCredentialsPolicies'), createObject('value', parameters('slots')[copyIndex()].basicPublishingCredentialsPolicies), createObject('value', parameters('basicPublishingCredentialsPolicies')))]", "lock": { "value": "[coalesce(tryGet(parameters('slots')[copyIndex()], 'lock'), parameters('lock'))]" }, @@ -1205,7 +1206,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "17728495950787678705" + "templateHash": "8611977667171476388" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -1877,6 +1878,13 @@ "description": "Optional. Site redundancy mode." } }, + "basicPublishingCredentialsPolicies": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The site publishing credential policy names which are associated with the site slot." + } + }, "vnetContentShareEnabled": { "type": "bool", "defaultValue": false, 
@@ -2335,6 +2343,154 @@ "slot" ] }, + "slot_basicPublishingCredentialsPolicies": { + "copy": { + "name": "slot_basicPublishingCredentialsPolicies", + "count": "[length(parameters('basicPublishingCredentialsPolicies'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-Publish-Cred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "appName": { + "value": "[parameters('appName')]" + }, + "slotName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('basicPublishingCredentialsPolicies')[copyIndex()].name]" + }, + "allow": "[if(contains(parameters('basicPublishingCredentialsPolicies')[copyIndex()], 'allow'), createObject('value', parameters('basicPublishingCredentialsPolicies')[copyIndex()].allow), createObject('value', null()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9260112433322771379" + }, + "name": "Web Site Slot Basic Publishing Credentials Policies", + "description": "This module deploys a Web Site Slot Basic Publishing Credentials Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "allowedValues": [ + "scm", + "ftp" + ], + "metadata": { + "description": "Required. The name of the resource." + } + }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to enable or false to disable a publishing method." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. 
The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site slot. Required if the template is used in a standalone deployment." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "allow": "[parameters('allow')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the basic publishing credential policy." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the basic publishing credential policy." 
+ }, + "value": "[resourceId('Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies', parameters('appName'), parameters('slotName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the basic publishing credential policy was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies', parameters('appName'), parameters('slotName'), parameters('name')), '2022-09-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, "slot_hybridConnectionRelays": { "copy": { "name": "slot_hybridConnectionRelays", @@ -3145,7 +3301,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-Site-Publis-Cred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-Site-Publish-Cred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3158,6 +3314,7 @@ "name": { "value": "[parameters('basicPublishingCredentialsPolicies')[copyIndex()].name]" }, + "allow": "[if(contains(parameters('basicPublishingCredentialsPolicies')[copyIndex()], 'allow'), createObject('value', parameters('basicPublishingCredentialsPolicies')[copyIndex()].allow), createObject('value', null()))]", "enableDefaultTelemetry": { "value": "[variables('enableReferencedModulesTelemetry')]" } @@ -3169,7 +3326,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "12265634131995953652" + "templateHash": "12054216906297236281" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", 
@@ -3190,7 +3347,7 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Set to true to allow access to or false to diable a publishing method." + "description": "Optional. Set to true to enable or false to disable a publishing method." } }, "webAppName": { diff --git a/modules/web/site/slot/README.md b/modules/web/site/slot/README.md index e929296684..3512cb4d8f 100644 --- a/modules/web/site/slot/README.md +++ b/modules/web/site/slot/README.md @@ -20,6 +20,7 @@ This module deploys a Web or Function App Deployment Slot. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.Web/sites/slots` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots) | +| `Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | | `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | | `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) | 
@@ -46,6 +47,7 @@ This module deploys a Web or Function App Deployment Slot. | [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. | | [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | | [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`basicPublishingCredentialsPolicies`](#parameter-basicpublishingcredentialspolicies) | array | The site publishing credential policy names which are associated with the site slot. | | [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. | | [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). | | [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. | @@ -114,6 +116,13 @@ The auth settings V2 configuration. - Type: object - Default: `{}` +### Parameter: `basicPublishingCredentialsPolicies` + +The site publishing credential policy names which are associated with the site slot. +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `clientAffinityEnabled` If client affinity is enabled. diff --git a/modules/web/site/slot/basic-publishing-credentials-policy/README.md b/modules/web/site/slot/basic-publishing-credentials-policy/README.md new file mode 100644 index 0000000000..47e7844cd8 --- /dev/null +++ b/modules/web/site/slot/basic-publishing-credentials-policy/README.md 
@@ -0,0 +1,99 @@ +# Web Site Slot Basic Publishing Credentials Policies `[Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies]` + +This module deploys a Web Site Slot Basic Publishing Credentials Policy. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the resource. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | +| [`slotName`](#parameter-slotname) | string | The name of the parent web site slot. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allow`](#parameter-allow) | bool | Set to true to enable or false to disable a publishing method. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | + +### Parameter: `allow` + +Set to true to enable or false to disable a publishing method. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `appName` + +The name of the parent web site. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the resource. +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'ftp' + 'scm' + ] + ``` + +### Parameter: `slotName` + +The name of the parent web site slot. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the basic publishing credential policy. | +| `resourceGroupName` | string | The name of the resource group the basic publishing credential policy was deployed into. | +| `resourceId` | string | The resource ID of the basic publishing credential policy. | + +## Cross-referenced modules + +_None_ diff --git a/modules/web/site/slot/basic-publishing-credentials-policy/main.bicep b/modules/web/site/slot/basic-publishing-credentials-policy/main.bicep new file mode 100644 index 0000000000..303b1d9e70 --- /dev/null +++ b/modules/web/site/slot/basic-publishing-credentials-policy/main.bicep 
@@ -0,0 +1,66 @@ +metadata name = 'Web Site Slot Basic Publishing Credentials Policies' +metadata description = 'This module deploys a Web Site Slot Basic Publishing Credentials Policy.' +metadata owner = 'Azure/module-maintainers' + +@sys.description('Required. The name of the resource.') +@allowed([ + 'scm' + 'ftp' +]) +param name string + +@sys.description('Optional. Set to true to enable or false to disable a publishing method.') +param allow bool = true + +@sys.description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.') +param appName string + +@sys.description('Conditional. The name of the parent web site slot. Required if the template is used in a standalone deployment.') +param slotName string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource app 'Microsoft.Web/sites@2022-09-01' existing = { + name: appName + + resource slot 'slots' existing = { + name: slotName + } +} + +resource basicPublishingCredentialsPolicy 'Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies@2022-09-01' = { + name: name + location: location + parent: app::slot + properties: { + allow: allow + } +} + +@sys.description('The name of the basic publishing credential policy.') +output name string = basicPublishingCredentialsPolicy.name + +@sys.description('The resource ID of the basic publishing credential policy.') +output 
resourceId string = basicPublishingCredentialsPolicy.id + +@sys.description('The name of the resource group the basic publishing credential policy was deployed into.') +output resourceGroupName string = resourceGroup().name + +@sys.description('The location the resource was deployed into.') +output location string = basicPublishingCredentialsPolicy.location diff --git a/modules/web/site/slot/basic-publishing-credentials-policy/main.json b/modules/web/site/slot/basic-publishing-credentials-policy/main.json new file mode 100644 index 0000000000..f658a67a56 --- /dev/null +++ b/modules/web/site/slot/basic-publishing-credentials-policy/main.json 
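Review bot: `param allow bool = true` makes the new slot policy module permissive by default, and its description does not say so, so a caller who supplies only `name` deploys a policy that keeps FTP or SCM basic-auth publishing on. At minimum I would spell that out, e.g. `@sys.description('Optional. Set to true to enable or false to disable a publishing method. Defaults to true, so basic-auth publishing stays enabled unless this is set to false.')`. Separately, `appName` and `slotName` are described as "Conditional" but have no default and are always required, which the generated README already reports as `Required: Yes`; the descriptions should say "Required". The file also mixes `@sys.description` and `@description`; pick one.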
@@ -0,0 +1,114 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9260112433322771379" + }, + "name": "Web Site Slot Basic Publishing Credentials Policies", + "description": "This module deploys a Web Site Slot Basic Publishing Credentials Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "allowedValues": [ + "scm", + "ftp" + ], + "metadata": { + "description": "Required. The name of the resource." + } + }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to enable or false to disable a publishing method." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site slot. Required if the template is used in a standalone deployment." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "allow": "[parameters('allow')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the basic publishing credential policy." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the basic publishing credential policy." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies', parameters('appName'), parameters('slotName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the basic publishing credential policy was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies', parameters('appName'), parameters('slotName'), parameters('name')), '2022-09-01', 'full').location]" + } + } +} \ No newline at end of file 
diff --git a/modules/web/site/slot/basic-publishing-credentials-policy/version.json b/modules/web/site/slot/basic-publishing-credentials-policy/version.json new file mode 100644 index 0000000000..7fa401bdf7 --- /dev/null +++ b/modules/web/site/slot/basic-publishing-credentials-policy/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] +} diff --git a/modules/web/site/slot/main.bicep b/modules/web/site/slot/main.bicep index 18f9139fec..77347145fc 100644 --- a/modules/web/site/slot/main.bicep +++ b/modules/web/site/slot/main.bicep @@ -134,6 +134,9 @@ param publicNetworkAccess string = '' ]) param redundancyMode string = 'None' +@description('Optional. The site publishing credential policy names which are associated with the site slot.') +param basicPublishingCredentialsPolicies array = [] + @description('Optional. To enable accessing content over virtual network.') param vnetContentShareEnabled bool = false @@ -243,6 +246,16 @@ module slot_authsettingsv2 'config--authsettingsv2/main.bicep' = if (!empty(auth } } +module slot_basicPublishingCredentialsPolicies 'basic-publishing-credentials-policy/main.bicep' = [for (basicPublishingCredentialsPolicy, index) in basicPublishingCredentialsPolicies: { + name: '${uniqueString(deployment().name, location)}-Slot-Publish-Cred-${index}' + params: { + appName: app.name + slotName: slot.name + name: basicPublishingCredentialsPolicy.name + allow: contains(basicPublishingCredentialsPolicy, 'allow') ? basicPublishingCredentialsPolicy.allow : null + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +}] module slot_hybridConnectionRelays 'hybrid-connection-namespace/relay/main.bicep' = [for (hybridConnectionRelay, index) in hybridConnectionRelays: { name: '${uniqueString(deployment().name, location)}-Slot-HybridConnectionRelay-${index}' params: { 
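Review bot: The description on the new `basicPublishingCredentialsPolicies` parameter in `slot/main.bicep` calls the entries "policy names", but the loop added further down in this file reads `.name` and an optional `.allow` from each entry, so they are objects and the security-relevant field is undocumented. I would reword it to something like `@description('Optional. Basic publishing credentials policies for the slot. Each entry is an object with a name (ftp or scm) and an optional allow flag.')`. With the default `[]`, a slot deployed on its own creates no policy resource at all, so whatever the platform applies stays in effect; that is worth one sentence in the description as well.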
diff --git a/modules/web/site/slot/main.json b/modules/web/site/slot/main.json index 8a8395995a..712b88882b 100644 --- a/modules/web/site/slot/main.json +++ b/modules/web/site/slot/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "842322474793993092" + "version": "0.23.1.45101", + "templateHash": "8611977667171476388" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -678,6 +678,13 @@ "description": "Optional. Site redundancy mode." } }, + "basicPublishingCredentialsPolicies": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The site publishing credential policy names which are associated with the site slot." + } + }, "vnetContentShareEnabled": { "type": "bool", "defaultValue": false, @@ -881,8 +888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13223616826795830599" + "version": "0.23.1.45101", + "templateHash": "10562313393461278954" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -1036,8 +1043,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16157844933162881953" + "version": "0.23.1.45101", + "templateHash": "13215271953171449159" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", 
@@ -1136,6 +1143,154 @@ "slot" ] }, + "slot_basicPublishingCredentialsPolicies": { + "copy": { + "name": "slot_basicPublishingCredentialsPolicies", + "count": "[length(parameters('basicPublishingCredentialsPolicies'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-Publish-Cred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "appName": { + "value": "[parameters('appName')]" + }, + "slotName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('basicPublishingCredentialsPolicies')[copyIndex()].name]" + }, + "allow": "[if(contains(parameters('basicPublishingCredentialsPolicies')[copyIndex()], 'allow'), createObject('value', parameters('basicPublishingCredentialsPolicies')[copyIndex()].allow), createObject('value', null()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9260112433322771379" + }, + "name": "Web Site Slot Basic Publishing Credentials Policies", + "description": "This module deploys a Web Site Slot Basic Publishing Credentials Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "allowedValues": [ + "scm", + "ftp" + ], + "metadata": { + "description": "Required. The name of the resource." + } + }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to enable or false to disable a publishing method." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. 
The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site slot. Required if the template is used in a standalone deployment." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "allow": "[parameters('allow')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the basic publishing credential policy." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the basic publishing credential policy." 
+ }, + "value": "[resourceId('Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies', parameters('appName'), parameters('slotName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the basic publishing credential policy was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies', parameters('appName'), parameters('slotName'), parameters('name')), '2022-09-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, "slot_hybridConnectionRelays": { "copy": { "name": "slot_hybridConnectionRelays", @@ -1170,8 +1325,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "11888981629758921842" + "version": "0.23.1.45101", + "templateHash": "299894459930368764" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", @@ -1351,8 +1506,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" + "version": "0.23.1.45101", + "templateHash": "6873008238043407177" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1754,8 +1909,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" + "version": "0.23.1.45101", + "templateHash": "17578977753131828304" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
diff --git a/modules/web/site/tests/e2e/webAppCommon/main.test.bicep b/modules/web/site/tests/e2e/webAppCommon/main.test.bicep index 93c0fbb5e8..d474772265 100644 --- a/modules/web/site/tests/e2e/webAppCommon/main.test.bicep +++ b/modules/web/site/tests/e2e/webAppCommon/main.test.bicep @@ -114,6 +114,16 @@ module testDeployment '../../../main.bicep' = { } } ] + basicPublishingCredentialsPolicies: [ + { + name: 'ftp' + allow: false + } + { + name: 'scm' + allow: false + } + ] roleAssignments: [ { roleDefinitionIdOrName: 'Reader' @@ -139,6 +149,14 @@ module testDeployment '../../../main.bicep' = { } { name: 'slot2' + basicPublishingCredentialsPolicies: [ + { + name: 'ftp' + } + { + name: 'scm' + } + ] } ] privateEndpoints: [ @@ -179,11 +197,11 @@ module testDeployment '../../../main.bicep' = { basicPublishingCredentialsPolicies: [ { name: 'ftp' - allow: true + allow: false } { name: 'scm' - allow: true + allow: false } ]
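Review bot: The `slot2` entries in the second hunk omit `allow`, so this e2e case exercises the fallback path, which, given the policy module's default of `true`, appears to deploy the slot with FTP and SCM basic-auth publishing enabled. Nothing marks that as intentional, and the same pattern is copied into the README usage examples, where readers may take it as a recommended configuration. I would add a comment above the list such as `// 'allow' omitted on purpose to cover the module default (publishing method stays enabled)`.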