From 2621a2a37b126fb9a7ed166f68cf2704fc9cd642 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Sat, 11 Nov 2023 14:02:28 +1100 Subject: [PATCH] [Modules] Fix website publishing cred policy (#4202) * update Web Site Basic Publishing Cred Policies * fix ARM json template * update website arm template * Update modules/web/site/basic-publishing-credentials-policy/main.bicep Co-authored-by: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> * update parameter description --------- Co-authored-by: Tao Yang Co-authored-by: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> --- modules/web/site/README.md | 26 ++++++++ .../README.md | 8 +++ .../main.bicep | 5 +- .../main.json | 13 +++- modules/web/site/main.json | 61 +++++++++++-------- .../e2e/functionAppCommon/main.test.bicep | 10 +++ .../tests/e2e/webAppCommon/main.test.bicep | 2 + 7 files changed, 94 insertions(+), 31 deletions(-) diff --git a/modules/web/site/README.md b/modules/web/site/README.md index 201862080b..01f8e38e34 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -125,6 +125,16 @@ module site 'br:bicep/modules/web.site:1.0.0' = { runtimeVersion: '~1' } } + basicPublishingCredentialsPolicies: [ + { + allow: false + name: 'ftp' + } + { + allow: false + name: 'scm' + } + ] diagnosticSettings: [ { eventHubAuthorizationRuleResourceId: '' @@ -285,6 +295,18 @@ module site 'br:bicep/modules/web.site:1.0.0' = { } } }, + "basicPublishingCredentialsPolicies": { + "value": [ + { + "allow": false, + "name": "ftp" + }, + { + "allow": false, + "name": "scm" + } + ] + }, "diagnosticSettings": { "value": [ { @@ -450,9 +472,11 @@ module site 'br:bicep/modules/web.site:1.0.0' = { // Non-required parameters basicPublishingCredentialsPolicies: [ { + allow: true name: 'ftp' } { + allow: true name: 'scm' } ] @@ -604,9 +628,11 @@ module site 'br:bicep/modules/web.site:1.0.0' = { "basicPublishingCredentialsPolicies": { "value": [ { + "allow": true, "name": "ftp" }, { + "allow": true, "name": "scm" } ] diff --git a/modules/web/site/basic-publishing-credentials-policy/README.md b/modules/web/site/basic-publishing-credentials-policy/README.md index 59fe52102c..a442531e1e 100644 --- a/modules/web/site/basic-publishing-credentials-policy/README.md +++ b/modules/web/site/basic-publishing-credentials-policy/README.md @@ -33,9 +33,17 @@ This module deploys a Web Site Basic Publishing Credentials Policy. | Parameter | Type | Description | | :-- | :-- | :-- | +| [`allow`](#parameter-allow) | bool | Set to true to enable or false to disable a publishing method. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | +### Parameter: `allow` + +Set to true to enable or false to disable a publishing method. +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). diff --git a/modules/web/site/basic-publishing-credentials-policy/main.bicep b/modules/web/site/basic-publishing-credentials-policy/main.bicep index c30cc79dc4..dd55286295 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.bicep +++ b/modules/web/site/basic-publishing-credentials-policy/main.bicep @@ -9,6 +9,9 @@ metadata owner = 'Azure/module-maintainers' ]) param name string +@sys.description('Optional. Set to true to enable or false to disable a publishing method.') +param allow bool = true + @sys.description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.') param webAppName string @@ -39,7 +42,7 @@ resource basicPublishingCredentialsPolicy 'Microsoft.Web/sites/basicPublishingCr location: location parent: webApp properties: { - allow: true + allow: allow } } diff --git a/modules/web/site/basic-publishing-credentials-policy/main.json b/modules/web/site/basic-publishing-credentials-policy/main.json index fb7d1f7388..2c3ec469f0 100644 --- a/modules/web/site/basic-publishing-credentials-policy/main.json +++ b/modules/web/site/basic-publishing-credentials-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "5305729672150633375" + "version": "0.23.1.45101", + "templateHash": "12054216906297236281" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", @@ -22,6 +22,13 @@ "description": "Required. The name of the resource." } }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to enable or false to disable a publishing method." + } + }, "webAppName": { "type": "string", "metadata": { @@ -64,7 +71,7 @@ "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { - "allow": true + "allow": "[parameters('allow')]" } } ], diff --git a/modules/web/site/main.json b/modules/web/site/main.json index 72f1e89be2..4358ab448c 100644 --- a/modules/web/site/main.json +++ b/modules/web/site/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "3962832552855663187" + "version": "0.23.1.45101", + "templateHash": "18196957481129520546" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -884,8 +884,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12140652943143922490" + "version": "0.23.1.45101", + "templateHash": "12410494471478708764" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting.", @@ -1029,8 +1029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "1120403064106188130" + "version": "0.23.1.45101", + "templateHash": "15667145082226037238" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -1204,8 +1204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "842322474793993092" + "version": "0.23.1.45101", + "templateHash": "17728495950787678705" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -2080,8 +2080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13223616826795830599" + "version": "0.23.1.45101", + "templateHash": "10562313393461278954" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -2235,8 +2235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16157844933162881953" + "version": "0.23.1.45101", + "templateHash": "13215271953171449159" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -2369,8 +2369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "11888981629758921842" + "version": "0.23.1.45101", + "templateHash": "299894459930368764" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", @@ -2550,8 +2550,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" + "version": "0.23.1.45101", + "templateHash": "6873008238043407177" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2953,8 +2953,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" + "version": "0.23.1.45101", + "templateHash": "17578977753131828304" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -3168,8 +3168,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "5305729672150633375" + "version": "0.23.1.45101", + "templateHash": "12265634131995953652" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", @@ -3186,6 +3186,13 @@ "description": "Required. The name of the resource." } }, + "allow": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Set to true to allow access to or false to diable a publishing method." + } + }, "webAppName": { "type": "string", "metadata": { @@ -3228,7 +3235,7 @@ "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { - "allow": true + "allow": "[parameters('allow')]" } } ], @@ -3299,8 +3306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "10458383238656360850" + "version": "0.23.1.45101", + "templateHash": "14574905385050050440" }, "name": "Web/Function Apps Hybrid Connection Relay", "description": "This module deploys a Site Hybrid Connection Namespace Relay.", @@ -3473,8 +3480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" + "version": "0.23.1.45101", + "templateHash": "6873008238043407177" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -3876,8 +3883,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" + "version": "0.23.1.45101", + "templateHash": "17578977753131828304" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", diff --git a/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep b/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep index 9219cb3ccf..aa00720f81 100644 --- a/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep +++ b/modules/web/site/tests/e2e/functionAppCommon/main.test.bicep @@ -140,6 +140,16 @@ module testDeployment '../../../main.bicep' = { runtimeVersion: '~1' } } + basicPublishingCredentialsPolicies: [ + { + name: 'ftp' + allow: false + } + { + name: 'scm' + allow: false + } + ] diagnosticSettings: [ { name: 'customSetting' diff --git a/modules/web/site/tests/e2e/webAppCommon/main.test.bicep b/modules/web/site/tests/e2e/webAppCommon/main.test.bicep index ddf1838032..93c0fbb5e8 100644 --- a/modules/web/site/tests/e2e/webAppCommon/main.test.bicep +++ b/modules/web/site/tests/e2e/webAppCommon/main.test.bicep @@ -179,9 +179,11 @@ module testDeployment '../../../main.bicep' = { basicPublishingCredentialsPolicies: [ { name: 'ftp' + allow: true } { name: 'scm' + allow: true } ]