From a52dc13fc7d75f4429246c158039b702670bc2fc Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Mon, 30 Jan 2023 20:43:13 +1100
Subject: [PATCH 01/18] updated ase api and tests
---
.../.test/asev3/dependencies.bicep | 42 +++---
.../.test/asev3/deploy.test.bicep | 9 ++
.../hostingEnvironments/deploy.bicep | 141 ++++++++++++------
.../hostingEnvironments/readme.md | 86 ++++++++++-
4 files changed, 209 insertions(+), 69 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
index 56572c8429..e22f02141a 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
@@ -13,25 +13,25 @@ param managedIdentityName string
var addressPrefix = '10.0.0.0/16'
resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = {
- name: networkSecurityGroupName
- location: location
- properties: {
- securityRules: [
- {
- name: 'AllowPortsForASE'
- properties: {
- access: 'Allow'
- destinationAddressPrefix: '10.0.7.0/24'
- destinationPortRange: '454-455'
- direction: 'Inbound'
- priority: 1010
- protocol: '*'
- sourceAddressPrefix: 'AppServiceManagement'
- sourcePortRange: '*'
- }
- }
- ]
- }
+ name: networkSecurityGroupName
+ location: location
+ properties: {
+ securityRules: [
+ {
+ name: 'AllowPortsForASE'
+ properties: {
+ access: 'Allow'
+ destinationAddressPrefix: '10.0.7.0/24'
+ destinationPortRange: '454-455'
+ direction: 'Inbound'
+ priority: 1010
+ protocol: '*'
+ sourceAddressPrefix: 'AppServiceManagement'
+ sourcePortRange: '*'
+ }
+ }
+ ]
+ }
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
@@ -55,7 +55,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
{
name: 'ase'
properties: {
- serviceName: 'Microsoft.Web/hostingEnvironments'
+ serviceName: 'Microsoft.Web/hostingEnvironments'
}
}
]
@@ -76,3 +76,5 @@ output subnetResourceId string = virtualNetwork.properties.subnets[0].id
@description('The principal ID of the created Managed Identity.')
output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 9964323dd1..cf964e7dd2 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -69,6 +69,11 @@ module testDeployment '../../deploy.bicep' = {
value: '1'
}
]
+ allowNewPrivateEndpointConnections: true
+ ftpEnabled: true
+ inboundIpAddressOverride: '10.0.0.10'
+ remoteDebugEnabled: true
+ upgradePreference: 'Late'
diagnosticLogsRetentionInDays: 7
diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
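Review bot: `ftpEnabled: true` and `remoteDebugEnabled: true` in this test parameter set switch on two management surfaces that the module defaults to off. The readme usage examples later in this patch carry the same values, so they are likely to be copied into real deployments. If the test only needs to show that the networking configuration is deployed, `allowNewPrivateEndpointConnections: true` appears sufficient. Consider `ftpEnabled: false` and `remoteDebugEnabled: false`, or add a comment such as `// enabled for test coverage only; keep disabled outside of tests`. The `testDeployment` module block starts and ends outside this hunk.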
@@ -84,5 +89,9 @@ module testDeployment '../../deploy.bicep' = {
principalType: 'ServicePrincipal'
}
]
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${nestedDependencies.outputs.managedIdentityResourceId}': {}
+ }
}
}
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index eb8c681914..d26eb5a041 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -5,21 +5,59 @@ param name string
@description('Optional. Location for all resources.')
param location string = resourceGroup().location
+@allowed([
+ ''
+ 'CanNotDelete'
+ 'ReadOnly'
+])
+@description('Optional. Specify the type of lock.')
+param lock string = ''
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments array = []
+
+@description('Optional. Resource tags.')
+param tags object = {}
+
+@allowed([
+ 'ASEv2'
+ 'ASEv3'
+])
@description('Optional. Kind of resource.')
param kind string = 'ASEv3'
-@description('Required. ResourceId for the subnet.')
-param subnetResourceId string
+@description('Optional. Custom settings for changing the behavior of the App Service Environment.')
+param clusterSettings array = [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+]
+@description('Optional. CustomDnsSuffixConfiguration resource specific properties. Includes certificateUrl, dnsSuffix and keyVaultReferenceIdentity. Not available when internalLoadBalancingMode is set to None. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffixConfiguration object = {}
+
+@description('Optional. The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2.')
+param dedicatedHostCount int = 0
+
+@description('Optional. DNS suffix of the App Service Environment.')
+param dnsSuffix string = ''
+
+@description('Optional. Scale factor for frontends.')
+param frontEndScaleFactor int = 15
@description('Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing.')
@allowed([
'None'
'Web'
'Publishing'
+ 'Web, Publishing'
])
param internalLoadBalancingMode string = 'None'
-@description('Optional. Frontend VM size. Cannot be used with \'kind\' `ASEv3`.')
+@description('Optional. Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3.')
+param ipsslAddressCount int = 0
+
+@description('Optional. Frontend VM size. Cannot be used when kind is set to ASEv3.')
@allowed([
''
'Medium'
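Review bot: The description of `internalLoadBalancingMode` lists the combined mode as `Web,Publishing`, while the value added to `@allowed` is `'Web, Publishing'` with a space. A caller who copies the value from the description will fail parameter validation. Align the text with the allowed value, e.g. `- None, Web, Publishing, 'Web, Publishing'.`. Several new descriptions in this hunk say a parameter "Cannot be used when kind is set to ASEv2" or "ASEv3", but nothing visible here enforces that. It would help to state whether the module nulls the value or leaves the failure to the resource provider.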
@@ -35,29 +73,42 @@ param internalLoadBalancingMode string = 'None'
])
param multiSize string = ''
-@description('Optional. Number of IP SSL addresses reserved for the App Service Environment.')
-param ipsslAddressCount int = -1
+@description('Optional. Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2.')
+param allowNewPrivateEndpointConnections bool = false
-@description('Optional. DNS suffix of the App Service Environment.')
-param dnsSuffix string = ''
+@description('Optional. Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2.')
+param ftpEnabled bool = false
-@description('Optional. Scale factor for frontends.')
-param frontEndScaleFactor int = 15
+@description('Optional. Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2.')
+param inboundIpAddressOverride string = ''
+
+@description('Optional. Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2.')
+param remoteDebugEnabled bool = false
+
+@description('Optional. Specify preference for when and how the planned maintenance is applied.')
+@allowed([
+ 'Early'
+ 'Late'
+ 'Manual'
+ 'None'
+])
+param upgradePreference string = 'None'
+
+@description('Required. ResourceId for the subnet.')
+param subnetResourceId string
@description('Optional. User added IP ranges to whitelist on ASE DB. Cannot be used with \'kind\' `ASEv3`.')
param userWhitelistedIpRanges array = []
-@description('Optional. Custom settings for changing the behavior of the App Service Environment.')
-param clusterSettings array = [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
-]
-
@description('Optional. Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`.')
param zoneRedundant bool = false
+@description('Optional. Enables system assigned managed identity on the resource.')
+param systemAssignedIdentity bool = false
+
+@description('Optional. The ID(s) to assign to the resource.')
+param userAssignedIdentities object = {}
+
@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
@minValue(0)
@maxValue(365)
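Review bot: The `zoneRedundant` description kept as context in this hunk still says `dedicatedHostCount` "must be set to `-1`", but this commit changes that parameter's default to `0`. The resource now treats `0` as unset (`dedicatedHostCount != 0 ? dedicatedHostCount : null`), so a caller following the old text would send `-1` to the API. Update the sentence to something like `If enabled, leave 'dedicatedHostCount' at its default of 0.` so the generated readme row matches. Separately, the `ftpEnabled` description spells the kind as `ASEV3` where the rest of the file uses `ASEv3`.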
@@ -75,26 +126,9 @@ param diagnosticEventHubAuthorizationRuleId string = ''
@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
param diagnosticEventHubName string = ''
-@allowed([
- ''
- 'CanNotDelete'
- 'ReadOnly'
-])
-@description('Optional. Specify the type of lock.')
-param lock string = ''
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments array = []
-
-@description('Optional. Resource tags.')
-param tags object = {}
-
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true
-@description('Optional. The Dedicated Host Count. Is not supported by ASEv2. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0.')
-param dedicatedHostCount int = -1
-
@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.')
@allowed([
'allLogs'
@@ -127,6 +161,13 @@ var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
}
] : diagnosticsLogsSpecified
+var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
+
+var identity = identityType != 'None' ? {
+ type: identityType
+ userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
+} : null
+
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
properties: {
@@ -139,28 +180,42 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
}
}
-resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-03-01' = {
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
name: name
kind: kind
location: location
tags: tags
+ identity: identity
properties: {
+ clusterSettings: clusterSettings
+ customDnsSuffixConfiguration: !empty(customDnsSuffixConfiguration) ? customDnsSuffixConfiguration : null
+ dedicatedHostCount: dedicatedHostCount != 0 ? dedicatedHostCount : null
+ dnsSuffix: dnsSuffix
+ frontEndScaleFactor: frontEndScaleFactor
+ internalLoadBalancingMode: internalLoadBalancingMode
+ ipsslAddressCount: ipsslAddressCount != 0 ? ipsslAddressCount : null
+ multiSize: !empty(multiSize) ? any(multiSize) : null
+ upgradePreference: upgradePreference
+ userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null
virtualNetwork: {
id: subnetResourceId
subnet: last(split(subnetResourceId, '/'))
}
- internalLoadBalancingMode: internalLoadBalancingMode
- multiSize: !empty(multiSize) ? any(multiSize) : null
- ipsslAddressCount: ipsslAddressCount != -1 ? ipsslAddressCount : null
- dnsSuffix: dnsSuffix
- frontEndScaleFactor: frontEndScaleFactor
- clusterSettings: clusterSettings
- userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null
- dedicatedHostCount: dedicatedHostCount != -1 ? dedicatedHostCount : null
zoneRedundant: zoneRedundant
}
}
+resource appServiceEnvironment_configurations_networking 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = if (kind == 'ASEv3') {
+ name: 'networking'
+ parent: appServiceEnvironment
+ properties: {
+ allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
+ ftpEnabled: ftpEnabled
+ inboundIpAddressOverride: inboundIpAddressOverride
+ remoteDebugEnabled: remoteDebugEnabled
+ }
+}
+
resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
name: '${appServiceEnvironment.name}-${lock}-lock'
properties: {
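Review bot: In `appServiceEnvironment_configurations_networking`, `inboundIpAddressOverride` is passed through as-is, so the default `''` is sent whenever the caller does not set it. The optional values on the parent resource map empty or zero to `null`, and the same pattern would fit here: `inboundIpAddressOverride: !empty(inboundIpAddressOverride) ? inboundIpAddressOverride : null`. The parameter description says the address can only be set on ASE create, yet it is applied through a child resource that is also deployed on every redeployment. Whether the API tolerates that is not visible in this diff and is worth confirming. The `appServiceEnvironment_lock` resource that follows continues outside the hunk.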
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md
index d843b2fb11..7fe78d9072 100644
--- a/modules/Microsoft.Web/hostingEnvironments/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/readme.md
@@ -17,7 +17,8 @@ This module deploys an app service environment.
| `Microsoft.Authorization/locks` | [2020-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Web/hostingEnvironments` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/hostingEnvironments) |
+| `Microsoft.Web/hostingEnvironments` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/hostingEnvironments) |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
## Parameters
@@ -32,8 +33,10 @@ This module deploys an app service environment.
| Parameter Name | Type | Default Value | Allowed Values | Description |
| :-- | :-- | :-- | :-- | :-- |
+| `allowNewPrivateEndpointConnections` | bool | `False` | | Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. |
| `clusterSettings` | array | `[System.Management.Automation.OrderedHashtable]` | | Custom settings for changing the behavior of the App Service Environment. |
-| `dedicatedHostCount` | int | `-1` | | The Dedicated Host Count. Is not supported by ASEv2. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. |
+| `customDnsSuffixConfiguration` | object | `{object}` | | CustomDnsSuffixConfiguration resource specific properties. Includes certificateUrl, dnsSuffix and keyVaultReferenceIdentity. Not available when internalLoadBalancingMode is set to None. Cannot be used when kind is set to ASEv2. |
+| `dedicatedHostCount` | int | `0` | | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. |
| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. |
@@ -44,14 +47,20 @@ This module deploys an app service environment.
| `dnsSuffix` | string | `''` | | DNS suffix of the App Service Environment. |
| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
| `frontEndScaleFactor` | int | `15` | | Scale factor for frontends. |
-| `internalLoadBalancingMode` | string | `'None'` | `[None, Publishing, Web]` | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. |
-| `ipsslAddressCount` | int | `-1` | | Number of IP SSL addresses reserved for the App Service Environment. |
-| `kind` | string | `'ASEv3'` | | Kind of resource. |
+| `ftpEnabled` | bool | `False` | | Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. |
+| `inboundIpAddressOverride` | string | `''` | | Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. |
+| `internalLoadBalancingMode` | string | `'None'` | `[None, Publishing, Web, Web, Publishing]` | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. |
+| `ipsslAddressCount` | int | `0` | | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. |
+| `kind` | string | `'ASEv3'` | `[ASEv2, ASEv3]` | Kind of resource. |
| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `multiSize` | string | `''` | `['', ExtraLarge, Large, Medium, Standard_D1_V2, Standard_D2, Standard_D2_V2, Standard_D3, Standard_D3_V2, Standard_D4, Standard_D4_V2]` | Frontend VM size. Cannot be used with 'kind' `ASEv3`. |
+| `multiSize` | string | `''` | `['', ExtraLarge, Large, Medium, Standard_D1_V2, Standard_D2, Standard_D2_V2, Standard_D3, Standard_D3_V2, Standard_D4, Standard_D4_V2]` | Frontend VM size. Cannot be used when kind is set to ASEv3. |
+| `remoteDebugEnabled` | bool | `False` | | Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. |
| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. |
| `tags` | object | `{object}` | | Resource tags. |
+| `upgradePreference` | string | `'None'` | `[Early, Late, Manual, None]` | Specify preference for when and how the planned maintenance is applied. |
+| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
| `userWhitelistedIpRanges` | array | `[]` | | User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. |
| `zoneRedundant` | bool | `False` | | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. |
@@ -191,6 +200,39 @@ tags: {
+### Parameter Usage: `userAssignedIdentities`
+
+You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format:
+
+
+
+Parameter JSON format
+
+```json
+"userAssignedIdentities": {
+ "value": {
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {},
+ "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {}
+ }
+}
+```
+
+
+
+
+
+Bicep format
+
+```bicep
+userAssignedIdentities: {
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {}
+ '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {}
+}
+```
+
+
+
+
## Outputs
| Output Name | Type | Description |
@@ -340,6 +382,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
name: '<>whasev3001'
subnetResourceId: ''
// Non-required parameters
+ allowNewPrivateEndpointConnections: true
clusterSettings: [
{
name: 'DisableTls1.0'
@@ -352,7 +395,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
diagnosticStorageAccountId: ''
diagnosticWorkspaceId: ''
enableDefaultTelemetry: ''
+ ftpEnabled: true
+ inboundIpAddressOverride: '10.0.0.10'
lock: 'CanNotDelete'
+ remoteDebugEnabled: true
roleAssignments: [
{
principalIds: [
@@ -362,6 +408,11 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
roleDefinitionIdOrName: 'Reader'
}
]
+ systemAssignedIdentity: true
+ upgradePreference: 'Late'
+ userAssignedIdentities: {
+ '': {}
+ }
}
}
```
@@ -386,6 +437,9 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"value": ""
},
// Non-required parameters
+ "allowNewPrivateEndpointConnections": {
+ "value": true
+ },
"clusterSettings": {
"value": [
{
@@ -412,9 +466,18 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"enableDefaultTelemetry": {
"value": ""
},
+ "ftpEnabled": {
+ "value": true
+ },
+ "inboundIpAddressOverride": {
+ "value": "10.0.0.10"
+ },
"lock": {
"value": "CanNotDelete"
},
+ "remoteDebugEnabled": {
+ "value": true
+ },
"roleAssignments": {
"value": [
{
@@ -425,6 +488,17 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"roleDefinitionIdOrName": "Reader"
}
]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "upgradePreference": {
+ "value": "Late"
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "": {}
+ }
}
}
}
From 03e0a9c453cb30d738bdc9918099dcff531eddcf Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Tue, 31 Jan 2023 06:48:07 +1100
Subject: [PATCH 02/18] introduced custom dns settings
---
.../.test/.scripts/New-Certificate.ps1 | 40 +++++++++
.../.test/asev2/dependencies.bicep | 42 +++++-----
.../.test/asev2/deploy.test.bicep | 28 +++++--
.../.test/asev3/dependencies.bicep | 55 ++++++++++++
.../.test/asev3/deploy.test.bicep | 33 +++++---
.../deploy.bicep | 49 +++++++++++
.../configurations-customdnssuffix/readme.md | 51 ++++++++++++
.../version.json | 4 +
.../configurations-networking/deploy.bicep | 53 ++++++++++++
.../configurations-networking/readme.md | 47 +++++++++++
.../configurations-networking/version.json | 4 +
.../hostingEnvironments/deploy.bicep | 65 ++++++++++-----
.../hostingEnvironments/readme.md | 83 +++++++++++++++++--
13 files changed, 483 insertions(+), 71 deletions(-)
create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1
create mode 100644 modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep
create mode 100644 modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
create mode 100644 modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/version.json
create mode 100644 modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep
create mode 100644 modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
create mode 100644 modules/Microsoft.Web/hostingEnvironments/configurations-networking/version.json
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1
new file mode 100644
index 0000000000..2134d50f10
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1
@@ -0,0 +1,40 @@
+param(
+ [string] $KeyVaultName,
+ [string] $CertName
+)
+
+$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop'
+
+if (-not $certificate) {
+ $policyInputObject = @{
+ SecretContentType = 'application/x-pkcs12'
+ SubjectName = 'CN=*.internal.contoso.com'
+ IssuerName = 'Self'
+ ValidityInMonths = 12
+ ReuseKeyOnRenewal = $true
+ }
+ $certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject
+
+ $null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy
+ Write-Verbose ('Initiated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose
+
+ while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') {
+ Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose
+ Start-Sleep 10
+ }
+
+ Write-Verbose 'Certificate created' -Verbose
+}
+
+$secretId = $certificate.SecretId
+while ([String]::IsNullOrEmpty($secretId)) {
+ Write-Verbose 'Waiting 10 seconds until certificate can be fetched' -Verbose
+ Start-Sleep 10
+ $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop'
+ $secretId = $certificate.SecretId
+}
+
+# Write into Deployment Script output stream
+$DeploymentScriptOutputs = @{
+ secretUrl = $secretId
+}
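Review bot: The first wait loop's condition, `-not (Get-AzKeyVaultCertificateOperation ...).Status -eq 'completed'`, does not test what it appears to test. Unary `-not` binds tighter than `-eq`, so it compares a boolean with the string `'completed'`. For any non-empty status that comparison is false, the loop body never runs and "Certificate created" is logged immediately. The script still works only because the later `SecretId` loop does the actual waiting. Write the condition as `while ((Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -ne 'completed') {`. Neither loop has a retry limit or a check for a failed operation, so a failed certificate request would spin until the deployment script itself times out. A bounded retry count with a `throw` would make that failure visible.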
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
index 57e095a001..8ea40d41f7 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
@@ -13,25 +13,25 @@ param managedIdentityName string
var addressPrefix = '10.0.0.0/16'
resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = {
- name: networkSecurityGroupName
- location: location
- properties: {
- securityRules: [
- {
- name: 'AllowPortsForASE2'
- properties: {
- access: 'Allow'
- destinationAddressPrefix: addressPrefix
- destinationPortRange: '454-455'
- direction: 'Inbound'
- priority: 1020
- protocol: '*'
- sourceAddressPrefix: 'AppServiceManagement'
- sourcePortRange: '*'
- }
- }
- ]
- }
+ name: networkSecurityGroupName
+ location: location
+ properties: {
+ securityRules: [
+ {
+ name: 'AllowPortsForASE2'
+ properties: {
+ access: 'Allow'
+ destinationAddressPrefix: addressPrefix
+ destinationPortRange: '454-455'
+ direction: 'Inbound'
+ priority: 1020
+ protocol: '*'
+ sourceAddressPrefix: 'AppServiceManagement'
+ sourcePortRange: '*'
+ }
+ }
+ ]
+ }
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
@@ -55,7 +55,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
{
name: 'ase'
properties: {
- serviceName: 'Microsoft.Web/hostingEnvironments'
+ serviceName: 'Microsoft.Web/hostingEnvironments'
}
}
]
@@ -76,3 +76,5 @@ output subnetResourceId string = virtualNetwork.properties.subnets[0].id
@description('The principal ID of the created Managed Identity.')
output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
index 83d7e4b871..8672caaf86 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
@@ -62,6 +62,21 @@ module testDeployment '../../deploy.bicep' = {
params: {
enableDefaultTelemetry: enableDefaultTelemetry
name: '<>${serviceShort}001'
+ location: resourceGroup.location
+ lock: 'CanNotDelete'
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ nestedDependencies.outputs.managedIdentityPrincipalId
+ ]
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ resourceType: 'App Service Environment'
+ hostingEnvironmentName: '<>${serviceShort}001'
+ }
subnetResourceId: nestedDependencies.outputs.subnetResourceId
clusterSettings: [
{
@@ -74,17 +89,12 @@ module testDeployment '../../deploy.bicep' = {
diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ systemAssignedIdentity: true
+ userAssignedIdentities: {
+ '${nestedDependencies.outputs.managedIdentityResourceId}': {}
+ }
ipsslAddressCount: 2
kind: 'ASEv2'
multiSize: 'Standard_D1_V2'
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- nestedDependencies.outputs.managedIdentityPrincipalId
- ]
- principalType: 'ServicePrincipal'
- }
- ]
}
}
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
index e22f02141a..d645cc108d 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
@@ -10,6 +10,12 @@ param virtualNetworkName string
@description('Required. The name of the Managed Identity to create.')
param managedIdentityName string
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Deployment Script to create for the Certificate generation.')
+param certDeploymentScriptName string
+
var addressPrefix = '10.0.0.0/16'
resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = {
@@ -70,6 +76,52 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-
location: location
}
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+}
+
+resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid('msi-${managedIdentity.name}-KeyVault-Admin-RoleAssignment')
+ scope: keyVault
+ properties: {
+ principalId: managedIdentity.properties.principalId
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator
+ principalType: 'ServicePrincipal'
+ }
+}
+
+resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+ name: certDeploymentScriptName
+ location: location
+ kind: 'AzurePowerShell'
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${managedIdentity.id}': {}
+ }
+ }
+ properties: {
+ azPowerShellVersion: '8.0'
+ retentionInterval: 'P1D'
+ arguments: '-KeyVaultName "${keyVault.name}" -CertName "asev3certificate"'
+ scriptContent: loadTextContent('../.scripts/New-Certificate.ps1')
+ }
+}
+
@description('The resource ID of the created Virtual Network Subnet.')
output subnetResourceId string = virtualNetwork.properties.subnets[0].id
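Review bot: The `keyPermissions` role assignment grants the managed identity Key Vault Administrator on the vault, although the deployment script it runs only reads, creates and polls one certificate. The test in the earlier patch attaches the same identity to the App Service Environment, so the environment would inherit full data-plane control of the vault. A narrower built-in role would follow least privilege: Key Vault Certificates Officer for the script, plus Key Vault Secrets User if this identity is also meant to read the certificate secret. That changes the line to `roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '<role-definition-guid>') // Key Vault Certificates Officer`. The vault also sets `enabledForDeployment: true` and `enabledForDiskEncryption: true`, which nothing visible in this file uses and which could be dropped.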
@@ -78,3 +130,6 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI
@description('The resource ID of the created Managed Identity.')
output managedIdentityResourceId string = managedIdentity.id
+
+@description('The URL of the created certificate.')
+output certificateSecretUrl string = certDeploymentScript.properties.outputs.secretUrl
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index cf964e7dd2..53502a9c97 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -12,7 +12,7 @@ param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg'
param location string = deployment().location
@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'whasev3'
+param serviceShort string = '<>v3'
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true
@@ -35,6 +35,8 @@ module nestedDependencies 'dependencies.bicep' = {
networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
+ certDeploymentScriptName: 'dep-<>-ds-${serviceShort}'
}
}
@@ -62,7 +64,23 @@ module testDeployment '../../deploy.bicep' = {
params: {
enableDefaultTelemetry: enableDefaultTelemetry
name: '<>${serviceShort}001'
+ location: resourceGroup.location
+ lock: 'CanNotDelete'
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ nestedDependencies.outputs.managedIdentityPrincipalId
+ ]
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ resourceType: 'App Service Environment'
+ hostingEnvironmentName: '<>${serviceShort}001'
+ }
subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ internalLoadBalancingMode: 'Web, Publishing'
clusterSettings: [
{
name: 'DisableTls1.0'
@@ -79,19 +97,12 @@ module testDeployment '../../deploy.bicep' = {
diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- lock: 'CanNotDelete'
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- nestedDependencies.outputs.managedIdentityPrincipalId
- ]
- principalType: 'ServicePrincipal'
- }
- ]
systemAssignedIdentity: true
userAssignedIdentities: {
'${nestedDependencies.outputs.managedIdentityResourceId}': {}
}
+ customDnsSuffix: 'internal.contoso.com'
+ customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
+ customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
}
}
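Review bot: The identity passed as `customDnsSuffixKeyVaultReferenceIdentity` is the same managed identity that dependencies.bicep grants Key Vault Administrator on the vault and uses to run the certificate deployment script, and this test also attaches it to the ASE through `userAssignedIdentities`. Resolving the certificate reference only needs read access to the certificate secret, so the test models a much broader grant than the feature requires, and test setups tend to be copied into real deployments. Consider creating a second identity in dependencies.bicep with a read-only role such as Key Vault Secrets User and passing that one here, e.g. `customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.certReaderIdentityResourceId` (a new output, name illustrative). The administrator-level identity would then stay with the deployment script only. The `testDeployment` params block starts outside this hunk.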
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep
new file mode 100644
index 0000000000..e5d1288bf5
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep
@@ -0,0 +1,49 @@
+@description('Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.')
+param hostingEnvironmentName string
+
+@description('Required. Enable the default custom domain suffix to use for all sites deployed on the ASE.')
+param dnsSuffix string
+
+@description('Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix.')
+param certificateUrl string
+
+@description('Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available.')
+param keyVaultReferenceIdentity string
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
+ name: hostingEnvironmentName
+}
+
+resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
+ name: 'customdnssuffix'
+ parent: hostingEnvironment
+ properties: {
+ certificateUrl: certificateUrl
+ keyVaultReferenceIdentity: keyVaultReferenceIdentity
+ dnsSuffix: dnsSuffix
+ }
+}
+
+@description('The name of the configuration.')
+output name string = configuration.name
+
+@description('The resource ID of the deployed configuration.')
+output resourceId string = configuration.id
+
+@description('The resource group of the deployed configuration.')
+output resourceGroupName string = resourceGroup().name
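Review bot: The description on `keyVaultReferenceIdentity` contradicts its declaration: it is marked "Required." and has no default, yet it says "If not specified, the system-assigned ASE identity will be used if available". As declared a caller cannot omit it, and the parent deploy.bicep defaults its own parameter to `''`, so it is unclear which identity ends up reading the certificate; whether an empty string falls back to the system-assigned identity is not shown here. Either make it optional with `param keyVaultReferenceIdentity string = ''` and an "Optional." description, or drop the fallback sentence. The same wording recurs in the parent's `customDnsSuffixKeyVaultReferenceIdentity` description and in both readme tables.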
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
new file mode 100644
index 0000000000..60bdd509f1
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
@@ -0,0 +1,51 @@
+# Web HostingEnvironments Configurations-customdnssuffix `[Microsoft.Web/hostingEnvironments/configurations-customdnssuffix]`
+
+This module deploys Web HostingEnvironments Configurations-customdnssuffix.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `certificateUrl` | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. |
+| `dnsSuffix` | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. |
+| `keyVaultReferenceIdentity` | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. |
+
+**Conditional parameters**
+
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `hostingEnvironmentName` | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the configuration. |
+| `resourceGroupName` | string | The resource group of the deployed configuration. |
+| `resourceId` | string | The resource ID of the deployed configuration. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/version.json b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/version.json
new file mode 100644
index 0000000000..56f8d9ca40
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/version.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+ "version": "0.4"
+}
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep
new file mode 100644
index 0000000000..fa62bbf545
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep
@@ -0,0 +1,53 @@
+@description('Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.')
+param hostingEnvironmentName string
+
+@description('Optional. Property to enable and disable new private endpoint connection creation on ASE.')
+param allowNewPrivateEndpointConnections bool = false
+
+@description('Optional. Property to enable and disable FTP on ASEV3.')
+param ftpEnabled bool = false
+
+@description('Optional. Customer provided Inbound IP Address. Only able to be set on Ase create.')
+param inboundIpAddressOverride string = ''
+
+@description('Optional. Property to enable and disable Remote Debug on ASEv3.')
+param remoteDebugEnabled bool = false
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
+ name: hostingEnvironmentName
+}
+
+resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
+ name: 'networking'
+ parent: hostingEnvironment
+ properties: {
+ allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
+ ftpEnabled: ftpEnabled
+ inboundIpAddressOverride: inboundIpAddressOverride
+ remoteDebugEnabled: remoteDebugEnabled
+ }
+}
+
+@description('The name of the configuration.')
+output name string = configuration.name
+
+@description('The resource ID of the deployed configuration.')
+output resourceId string = configuration.id
+
+@description('The resource group of the deployed configuration.')
+output resourceGroupName string = resourceGroup().name
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
new file mode 100644
index 0000000000..189b62c6c7
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
@@ -0,0 +1,47 @@
+# Web HostingEnvironments Configurations-networking `[Microsoft.Web/hostingEnvironments/configurations-networking]`
+
+This module deploys Web HostingEnvironments Configurations-networking.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+
+## Parameters
+
+**Conditional parameters**
+
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `hostingEnvironmentName` | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `allowNewPrivateEndpointConnections` | bool | `False` | Property to enable and disable new private endpoint connection creation on ASE. |
+| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| `ftpEnabled` | bool | `False` | Property to enable and disable FTP on ASEV3. |
+| `inboundIpAddressOverride` | string | `''` | Customer provided Inbound IP Address. Only able to be set on Ase create. |
+| `remoteDebugEnabled` | bool | `False` | Property to enable and disable Remote Debug on ASEv3. |
+
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the configuration. |
+| `resourceGroupName` | string | The resource group of the deployed configuration. |
+| `resourceId` | string | The resource ID of the deployed configuration. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/version.json b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/version.json
new file mode 100644
index 0000000000..56f8d9ca40
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/version.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+ "version": "0.4"
+}
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index d26eb5a041..95b90705cb 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -33,8 +33,15 @@ param clusterSettings array = [
value: '1'
}
]
-@description('Optional. CustomDnsSuffixConfiguration resource specific properties. Includes certificateUrl, dnsSuffix and keyVaultReferenceIdentity. Not available when internalLoadBalancingMode is set to None. Cannot be used when kind is set to ASEv2.')
-param customDnsSuffixConfiguration object = {}
+
+@description('Optional. Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffix string = ''
+
+@description('Conditional. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffixCertificateUrl string = ''
+
+@description('Conditional. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffixKeyVaultReferenceIdentity string = ''
@description('Optional. The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2.')
param dedicatedHostCount int = 0
@@ -132,7 +139,7 @@ param enableDefaultTelemetry bool = true
@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.')
@allowed([
'allLogs'
- 'AppServiceEnvironmentPlatformLogs'
+ 'hostingEnvironmentPlatformLogs'
])
param diagnosticLogCategoriesToEnable array = [
'allLogs'
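Review bot: `'hostingEnvironmentPlatformLogs'` in the `@allowed` list looks like a side effect of renaming the `appServiceEnvironment` symbols to `hostingEnvironment`. It is a value sent to the diagnostic settings API, not a Bicep symbol, and the log category Azure publishes for this resource type is `AppServiceEnvironmentPlatformLogs`. A caller who selects the category by name instead of `allLogs` can now only pass a value the service is unlikely to accept, so platform logs would probably not be collected for that deployment. Keep `'AppServiceEnvironmentPlatformLogs'` here and in the allowed-values column of the readme. The `diagnosticLogCategoriesToEnable` declaration continues outside this hunk.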
@@ -162,6 +169,7 @@ var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
] : diagnosticsLogsSpecified
var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
+var enableReferencedModulesTelemetry = false
var identity = identityType != 'None' ? {
type: identityType
@@ -180,7 +188,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
}
}
-resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
+resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
name: name
kind: kind
location: location
@@ -188,7 +196,6 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' =
identity: identity
properties: {
clusterSettings: clusterSettings
- customDnsSuffixConfiguration: !empty(customDnsSuffixConfiguration) ? customDnsSuffixConfiguration : null
dedicatedHostCount: dedicatedHostCount != 0 ? dedicatedHostCount : null
dnsSuffix: dnsSuffix
frontEndScaleFactor: frontEndScaleFactor
@@ -205,27 +212,39 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' =
}
}
-resource appServiceEnvironment_configurations_networking 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = if (kind == 'ASEv3') {
- name: 'networking'
- parent: appServiceEnvironment
- properties: {
+module hostingEnvironment_configurations_networking 'configurations-networking/deploy.bicep' = if (kind == 'ASEv3') {
+ name: '${uniqueString(deployment().name, location)}-HostingEnvironment-Configurations-Networking'
+ params: {
+ hostingEnvironmentName: hostingEnvironment.name
allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
ftpEnabled: ftpEnabled
inboundIpAddressOverride: inboundIpAddressOverride
remoteDebugEnabled: remoteDebugEnabled
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module hostingEnvironment_configurations_customDnsSuffix 'configurations-customDnsSuffix/deploy.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
+ name: '${uniqueString(deployment().name, location)}-HostingEnvironment-Configurations-CustomDnsSuffix'
+ params: {
+ hostingEnvironmentName: hostingEnvironment.name
+ certificateUrl: customDnsSuffixCertificateUrl
+ keyVaultReferenceIdentity: customDnsSuffixKeyVaultReferenceIdentity
+ dnsSuffix: customDnsSuffix
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
}
}
-resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
- name: '${appServiceEnvironment.name}-${lock}-lock'
+resource hostingEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
+ name: '${hostingEnvironment.name}-${lock}-lock'
properties: {
level: any(lock)
notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
}
- scope: appServiceEnvironment
+ scope: hostingEnvironment
}
-resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) {
+resource hostingEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) {
name: diagnosticSettingsName
properties: {
storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
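Review bot: The module path `'configurations-customDnsSuffix/deploy.bicep'` does not match the folder this patch adds, `configurations-customdnssuffix`, so the reference will not resolve on a case-sensitive file system such as a Linux build agent; use `'configurations-customdnssuffix/deploy.bicep'`. Separately, the condition checks only `!empty(customDnsSuffix)`, so a suffix supplied without `customDnsSuffixCertificateUrl` reaches the child module with an empty URL and presumably fails at the resource provider instead of at template validation. A comment on the module stating that the certificate URL must be set whenever the suffix is set would at least make the contract visible. The diagnostic settings resource at the end of this hunk continues outside it.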
@@ -234,11 +253,11 @@ resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnostic
eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null
logs: diagnosticsLogs
}
- scope: appServiceEnvironment
+ scope: hostingEnvironment
}
-module appServiceEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
- name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Rbac-${index}'
+module hostingEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
+ name: '${uniqueString(deployment().name, location)}-HostingEnvironment-Rbac-${index}'
params: {
description: contains(roleAssignment, 'description') ? roleAssignment.description : ''
principalIds: roleAssignment.principalIds
@@ -246,18 +265,18 @@ module appServiceEnvironment_roleAssignments '.bicep/nested_roleAssignments.bice
roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName
condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : ''
delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : ''
- resourceId: appServiceEnvironment.id
+ resourceId: hostingEnvironment.id
}
}]
-@description('The resource ID of the app service environment.')
-output resourceId string = appServiceEnvironment.id
+@description('The resource ID of the App Service Environment.')
+output resourceId string = hostingEnvironment.id
-@description('The resource group the app service environment was deployed into.')
+@description('The resource group the App Service Environment was deployed into.')
output resourceGroupName string = resourceGroup().name
-@description('The name of the app service environment.')
-output name string = appServiceEnvironment.name
+@description('The name of the App Service Environment.')
+output name string = hostingEnvironment.name
@description('The location the resource was deployed into.')
-output location string = appServiceEnvironment.location
+output location string = hostingEnvironment.location
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md
index 7fe78d9072..04e6db7368 100644
--- a/modules/Microsoft.Web/hostingEnvironments/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/readme.md
@@ -29,17 +29,24 @@ This module deploys an app service environment.
| `name` | string | Name of the App Service Environment. |
| `subnetResourceId` | string | ResourceId for the subnet. |
+**Conditional parameters**
+
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `customDnsSuffixCertificateUrl` | string | `''` | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. |
+| `customDnsSuffixKeyVaultReferenceIdentity` | string | `''` | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. |
+
**Optional parameters**
| Parameter Name | Type | Default Value | Allowed Values | Description |
| :-- | :-- | :-- | :-- | :-- |
| `allowNewPrivateEndpointConnections` | bool | `False` | | Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. |
| `clusterSettings` | array | `[System.Management.Automation.OrderedHashtable]` | | Custom settings for changing the behavior of the App Service Environment. |
-| `customDnsSuffixConfiguration` | object | `{object}` | | CustomDnsSuffixConfiguration resource specific properties. Includes certificateUrl, dnsSuffix and keyVaultReferenceIdentity. Not available when internalLoadBalancingMode is set to None. Cannot be used when kind is set to ASEv2. |
+| `customDnsSuffix` | string | `''` | | Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. |
| `dedicatedHostCount` | int | `0` | | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. |
| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. |
+| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, hostingEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. |
| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. |
| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. |
| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
@@ -238,9 +245,9 @@ userAssignedIdentities: {
| Output Name | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the app service environment. |
-| `resourceGroupName` | string | The resource group the app service environment was deployed into. |
-| `resourceId` | string | The resource ID of the app service environment. |
+| `name` | string | The name of the App Service Environment. |
+| `resourceGroupName` | string | The resource group the App Service Environment was deployed into. |
+| `resourceId` | string | The resource ID of the App Service Environment. |
## Cross-referenced modules
@@ -281,6 +288,8 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
enableDefaultTelemetry: ''
ipsslAddressCount: 2
kind: 'ASEv2'
+ location: ''
+ lock: 'CanNotDelete'
multiSize: 'Standard_D1_V2'
roleAssignments: [
{
@@ -291,6 +300,14 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
roleDefinitionIdOrName: 'Reader'
}
]
+ systemAssignedIdentity: true
+ tags: {
+ hostingEnvironmentName: '<>whasev2001'
+ resourceType: 'App Service Environment'
+ }
+ userAssignedIdentities: {
+ '': {}
+ }
}
}
```
@@ -347,6 +364,12 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"kind": {
"value": "ASEv2"
},
+ "location": {
+ "value": ""
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
"multiSize": {
"value": "Standard_D1_V2"
},
@@ -360,6 +383,20 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"roleDefinitionIdOrName": "Reader"
}
]
+ },
+ "systemAssignedIdentity": {
+ "value": true
+ },
+ "tags": {
+ "value": {
+ "hostingEnvironmentName": "<>whasev2001",
+ "resourceType": "App Service Environment"
+ }
+ },
+ "userAssignedIdentities": {
+ "value": {
+ "": {}
+ }
}
}
}
@@ -376,10 +413,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
```bicep
module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-whasev3'
+ name: '${uniqueString(deployment().name, location)}-test-<>v3'
params: {
// Required parameters
- name: '<>whasev3001'
+ name: '<><>v3001'
subnetResourceId: ''
// Non-required parameters
allowNewPrivateEndpointConnections: true
@@ -389,6 +426,9 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
value: '1'
}
]
+ customDnsSuffix: 'internal.contoso.com'
+ customDnsSuffixCertificateUrl: ''
+ customDnsSuffixKeyVaultReferenceIdentity: ''
diagnosticEventHubAuthorizationRuleId: ''
diagnosticEventHubName: ''
diagnosticLogsRetentionInDays: 7
@@ -397,6 +437,8 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
enableDefaultTelemetry: ''
ftpEnabled: true
inboundIpAddressOverride: '10.0.0.10'
+ internalLoadBalancingMode: 'Web Publishing'
+ location: ''
lock: 'CanNotDelete'
remoteDebugEnabled: true
roleAssignments: [
@@ -409,6 +451,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
}
]
systemAssignedIdentity: true
+ tags: {
+ hostingEnvironmentName: '<><>v3001'
+ resourceType: 'App Service Environment'
+ }
upgradePreference: 'Late'
userAssignedIdentities: {
'': {}
@@ -431,7 +477,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"parameters": {
// Required parameters
"name": {
- "value": "<>whasev3001"
+ "value": "<><>v3001"
},
"subnetResourceId": {
"value": ""
@@ -448,6 +494,15 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
}
]
},
+ "customDnsSuffix": {
+ "value": "internal.contoso.com"
+ },
+ "customDnsSuffixCertificateUrl": {
+ "value": ""
+ },
+ "customDnsSuffixKeyVaultReferenceIdentity": {
+ "value": ""
+ },
"diagnosticEventHubAuthorizationRuleId": {
"value": ""
},
@@ -472,6 +527,12 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"inboundIpAddressOverride": {
"value": "10.0.0.10"
},
+ "internalLoadBalancingMode": {
+ "value": "Web, Publishing"
+ },
+ "location": {
+ "value": ""
+ },
"lock": {
"value": "CanNotDelete"
},
@@ -492,6 +553,12 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"systemAssignedIdentity": {
"value": true
},
+ "tags": {
+ "value": {
+ "hostingEnvironmentName": "<><>v3001",
+ "resourceType": "App Service Environment"
+ }
+ },
"upgradePreference": {
"value": "Late"
},
From 5c536b04d3a32d8e7d2afc241a7985b00813c1ca Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Tue, 31 Jan 2023 20:19:29 +1100
Subject: [PATCH 03/18] test
---
.../.test/asev2/deploy.test.bicep | 20 ++---
.../.test/asev3/deploy.test.bicep | 88 +++++++++----------
2 files changed, 54 insertions(+), 54 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
index 8672caaf86..53ed3e00f8 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
@@ -12,7 +12,7 @@ param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg'
param location string = deployment().location
@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'whasev2'
+param serviceShort string = 'ziro2'
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true
@@ -32,9 +32,9 @@ module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-nestedDependencies'
params: {
- networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
- virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
- managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ networkSecurityGroupName: 'dep-ziro-nsg-${serviceShort}'
+ virtualNetworkName: 'dep-ziro-vnet-${serviceShort}'
+ managedIdentityName: 'dep-ziro-msi-${serviceShort}'
}
}
@@ -44,10 +44,10 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
params: {
- storageAccountName: 'dep<>diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ storageAccountName: 'depzirodiasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-ziro-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-ziro-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-ziro-evhns-${serviceShort}'
location: location
}
}
@@ -61,7 +61,7 @@ module testDeployment '../../deploy.bicep' = {
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
params: {
enableDefaultTelemetry: enableDefaultTelemetry
- name: '<>${serviceShort}001'
+ name: 'ziro${serviceShort}001'
location: resourceGroup.location
lock: 'CanNotDelete'
roleAssignments: [
@@ -75,7 +75,7 @@ module testDeployment '../../deploy.bicep' = {
]
tags: {
resourceType: 'App Service Environment'
- hostingEnvironmentName: '<>${serviceShort}001'
+ hostingEnvironmentName: 'ziro${serviceShort}001'
}
subnetResourceId: nestedDependencies.outputs.subnetResourceId
clusterSettings: [
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 53502a9c97..0007f9fb96 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -12,7 +12,7 @@ param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg'
param location string = deployment().location
@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = '<>v3'
+param serviceShort string = 'frogv3'
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true
@@ -32,11 +32,11 @@ module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-nestedDependencies'
params: {
- networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
- virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
- managedIdentityName: 'dep-<>-msi-${serviceShort}'
- keyVaultName: 'dep-<>-kv-${serviceShort}'
- certDeploymentScriptName: 'dep-<>-ds-${serviceShort}'
+ networkSecurityGroupName: 'dep-frognsg-${serviceShort}'
+ virtualNetworkName: 'dep-frogvnet-${serviceShort}'
+ managedIdentityName: 'dep-frogmsi-${serviceShort}'
+ keyVaultName: 'dep-frogkv-${serviceShort}'
+ certDeploymentScriptName: 'dep-frogds-${serviceShort}'
}
}
@@ -46,10 +46,10 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
params: {
- storageAccountName: 'dep<>diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ storageAccountName: 'depfrogdiasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-froglaw-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-frogevh-${serviceShort}'
+ eventHubNamespaceName: 'dep-frogevhns-${serviceShort}'
location: location
}
}
@@ -63,46 +63,46 @@ module testDeployment '../../deploy.bicep' = {
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
params: {
enableDefaultTelemetry: enableDefaultTelemetry
- name: '<>${serviceShort}001'
+ name: 'frog${serviceShort}001'
location: resourceGroup.location
- lock: 'CanNotDelete'
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalIds: [
- nestedDependencies.outputs.managedIdentityPrincipalId
- ]
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- resourceType: 'App Service Environment'
- hostingEnvironmentName: '<>${serviceShort}001'
- }
+ //lock: 'CanNotDelete'
+ //roleAssignments: [
+ // {
+ // roleDefinitionIdOrName: 'Reader'
+ // principalIds: [
+ // nestedDependencies.outputs.managedIdentityPrincipalId
+ // ]
+ // principalType: 'ServicePrincipal'
+ // }
+ //]
+ //tags: {
+ // resourceType: 'App Service Environment'
+ // hostingEnvironmentName: 'frog${serviceShort}001'
+ //}
subnetResourceId: nestedDependencies.outputs.subnetResourceId
internalLoadBalancingMode: 'Web, Publishing'
- clusterSettings: [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
- ]
- allowNewPrivateEndpointConnections: true
- ftpEnabled: true
- inboundIpAddressOverride: '10.0.0.10'
- remoteDebugEnabled: true
- upgradePreference: 'Late'
- diagnosticLogsRetentionInDays: 7
- diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
- diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ //clusterSettings: [
+ // {
+ // name: 'DisableTls1.0'
+ // value: '1'
+ // }
+ //]
+ //allowNewPrivateEndpointConnections: true
+ //ftpEnabled: true
+ //inboundIpAddressOverride: '10.0.0.10'
+ //remoteDebugEnabled: true
+ //upgradePreference: 'Late'
+ //diagnosticLogsRetentionInDays: 7
+ //diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ //diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ //diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ //diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
systemAssignedIdentity: true
userAssignedIdentities: {
'${nestedDependencies.outputs.managedIdentityResourceId}': {}
}
- customDnsSuffix: 'internal.contoso.com'
- customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
- customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
+ //customDnsSuffix: 'internal.contoso.com'
+ //customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
+ //customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
}
}
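Review bot: The `testDeployment` params now carry `lock`, `roleAssignments`, `tags`, `clusterSettings` (including `DisableTls1.0`), the networking flags, all four `diagnostic*` inputs and the three `customDnsSuffix*` inputs as commented-out lines, so this ASEv3 test no longer exercises the module's lock, RBAC, diagnostic-settings or custom DNS suffix paths. If this is a temporary step to isolate a failing deployment, say so in one comment above the block, for example `// TODO: temporarily disabled while debugging the ASEv3 deployment - restore before merge`, rather than leaving the dead lines unexplained. The same hunk also hard-codes `frog` where the name previously used the `<>` token, and the hunks of the preceding file do the same with `ziro`.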
From f161f05c31c91ee7cd21e7e6c45493430818bc70 Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Wed, 1 Feb 2023 21:29:07 +1100
Subject: [PATCH 04/18] updated documentation
---
.../.test/asev2/deploy.test.bicep | 20 ++---
.../.test/asev3/deploy.test.bicep | 88 +++++++++----------
.../hostingEnvironments/readme.md | 10 +--
3 files changed, 59 insertions(+), 59 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
index 53ed3e00f8..8672caaf86 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
@@ -12,7 +12,7 @@ param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg'
param location string = deployment().location
@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'ziro2'
+param serviceShort string = 'whasev2'
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true
@@ -32,9 +32,9 @@ module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-nestedDependencies'
params: {
- networkSecurityGroupName: 'dep-ziro-nsg-${serviceShort}'
- virtualNetworkName: 'dep-ziro-vnet-${serviceShort}'
- managedIdentityName: 'dep-ziro-msi-${serviceShort}'
+ networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
}
}
@@ -44,10 +44,10 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
params: {
- storageAccountName: 'depzirodiasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-ziro-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-ziro-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-ziro-evhns-${serviceShort}'
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
location: location
}
}
@@ -61,7 +61,7 @@ module testDeployment '../../deploy.bicep' = {
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
params: {
enableDefaultTelemetry: enableDefaultTelemetry
- name: 'ziro${serviceShort}001'
+ name: '<>${serviceShort}001'
location: resourceGroup.location
lock: 'CanNotDelete'
roleAssignments: [
@@ -75,7 +75,7 @@ module testDeployment '../../deploy.bicep' = {
]
tags: {
resourceType: 'App Service Environment'
- hostingEnvironmentName: 'ziro${serviceShort}001'
+ hostingEnvironmentName: '<>${serviceShort}001'
}
subnetResourceId: nestedDependencies.outputs.subnetResourceId
clusterSettings: [
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 0007f9fb96..7b415c0681 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -12,7 +12,7 @@ param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg'
param location string = deployment().location
@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'frogv3'
+param serviceShort string = 'whasev3'
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableDefaultTelemetry bool = true
@@ -32,11 +32,11 @@ module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-nestedDependencies'
params: {
- networkSecurityGroupName: 'dep-frognsg-${serviceShort}'
- virtualNetworkName: 'dep-frogvnet-${serviceShort}'
- managedIdentityName: 'dep-frogmsi-${serviceShort}'
- keyVaultName: 'dep-frogkv-${serviceShort}'
- certDeploymentScriptName: 'dep-frogds-${serviceShort}'
+ networkSecurityGroupName: 'dep-<>nsg-${serviceShort}'
+ virtualNetworkName: 'dep-<>vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>msi-${serviceShort}'
+ keyVaultName: 'dep-<>kv-${serviceShort}'
+ certDeploymentScriptName: 'dep-<>ds-${serviceShort}'
}
}
@@ -46,10 +46,10 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
params: {
- storageAccountName: 'depfrogdiasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-froglaw-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-frogevh-${serviceShort}'
- eventHubNamespaceName: 'dep-frogevhns-${serviceShort}'
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>evhns-${serviceShort}'
location: location
}
}
@@ -63,46 +63,46 @@ module testDeployment '../../deploy.bicep' = {
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
params: {
enableDefaultTelemetry: enableDefaultTelemetry
- name: 'frog${serviceShort}001'
+ name: '<>${serviceShort}001'
location: resourceGroup.location
- //lock: 'CanNotDelete'
- //roleAssignments: [
- // {
- // roleDefinitionIdOrName: 'Reader'
- // principalIds: [
- // nestedDependencies.outputs.managedIdentityPrincipalId
- // ]
- // principalType: 'ServicePrincipal'
- // }
- //]
- //tags: {
- // resourceType: 'App Service Environment'
- // hostingEnvironmentName: 'frog${serviceShort}001'
- //}
+ lock: 'CanNotDelete'
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalIds: [
+ nestedDependencies.outputs.managedIdentityPrincipalId
+ ]
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ resourceType: 'App Service Environment'
+ hostingEnvironmentName: '<>${serviceShort}001'
+ }
subnetResourceId: nestedDependencies.outputs.subnetResourceId
internalLoadBalancingMode: 'Web, Publishing'
- //clusterSettings: [
- // {
- // name: 'DisableTls1.0'
- // value: '1'
- // }
- //]
- //allowNewPrivateEndpointConnections: true
- //ftpEnabled: true
- //inboundIpAddressOverride: '10.0.0.10'
- //remoteDebugEnabled: true
- //upgradePreference: 'Late'
- //diagnosticLogsRetentionInDays: 7
- //diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
- //diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- //diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- //diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ clusterSettings: [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+ ]
+ allowNewPrivateEndpointConnections: true
+ ftpEnabled: true
+ inboundIpAddressOverride: '10.0.0.10'
+ remoteDebugEnabled: true
+ upgradePreference: 'Late'
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
systemAssignedIdentity: true
userAssignedIdentities: {
'${nestedDependencies.outputs.managedIdentityResourceId}': {}
}
- //customDnsSuffix: 'internal.contoso.com'
- //customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
- //customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
+ customDnsSuffix: 'internal.contoso.com'
+ customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
+ customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
}
}
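Review bot: `ftpEnabled: true` and `remoteDebugEnabled: true` come back uncommented in the `testDeployment` params with nothing saying they are set only to exercise the parameters. The readme example changed later in this patch uses the same deployment name and tag values, so the usage example appears to be derived from this file, and readers copying it would turn on FTP and remote debugging for their environment. I would add a comment on each, e.g. `// enabled for test coverage only; keep false unless required`, or set both to `false` here if the test does not depend on them.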
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md
index 04e6db7368..10bb82ac47 100644
--- a/modules/Microsoft.Web/hostingEnvironments/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/readme.md
@@ -413,10 +413,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
```bicep
module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-<>v3'
+ name: '${uniqueString(deployment().name, location)}-test-whasev3'
params: {
// Required parameters
- name: '<><>v3001'
+ name: '<>whasev3001'
subnetResourceId: ''
// Non-required parameters
allowNewPrivateEndpointConnections: true
@@ -452,7 +452,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
]
systemAssignedIdentity: true
tags: {
- hostingEnvironmentName: '<><>v3001'
+ hostingEnvironmentName: '<>whasev3001'
resourceType: 'App Service Environment'
}
upgradePreference: 'Late'
@@ -477,7 +477,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
"parameters": {
// Required parameters
"name": {
- "value": "<><>v3001"
+ "value": "<>whasev3001"
},
"subnetResourceId": {
"value": ""
@@ -555,7 +555,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' =
},
"tags": {
"value": {
- "hostingEnvironmentName": "<><>v3001",
+ "hostingEnvironmentName": "<>whasev3001",
"resourceType": "App Service Environment"
}
},
From a236453e0bb83dbaaf0af7843e169db2e6f833af Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Wed, 1 Feb 2023 23:02:13 +1100
Subject: [PATCH 05/18] updated module
---
.../.test/asev3/deploy.test.bicep | 14 +++++++-------
.../Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +-
.../Microsoft.Web/hostingEnvironments/readme.md | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 7b415c0681..1cf4223c9c 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -32,10 +32,10 @@ module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-nestedDependencies'
params: {
- networkSecurityGroupName: 'dep-<>nsg-${serviceShort}'
- virtualNetworkName: 'dep-<>vnet-${serviceShort}'
- managedIdentityName: 'dep-<>msi-${serviceShort}'
- keyVaultName: 'dep-<>kv-${serviceShort}'
+ networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<->msi-${serviceShort}'
+ keyVaultName: 'dep-<>-kv-${serviceShort}'
certDeploymentScriptName: 'dep-<>ds-${serviceShort}'
}
}
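Review bot: `managedIdentityName` on the new side reads `'dep-<->msi-${serviceShort}'`: the hyphen landed inside the `<>` token instead of after it, so the token will most likely not be substituted and the name no longer follows the `dep-<>-…` pattern of its neighbours. It should be `managedIdentityName: 'dep-<>-msi-${serviceShort}'`. The context line `certDeploymentScriptName: 'dep-<>ds-${serviceShort}'` still lacks the separator as well, and the `managedIdentityName` hunk in the later "updated name prefix typo" patch (`'dep-<>->msi-${serviceShort}'`) leaves a stray `>` in the same value.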
@@ -47,9 +47,9 @@ module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnost
name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
params: {
storageAccountName: 'dep<>diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-<>law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-<>evh-${serviceShort}'
- eventHubNamespaceName: 'dep-<>evhns-${serviceShort}'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
location: location
}
}
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index 95b90705cb..dc356083af 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -139,7 +139,7 @@ param enableDefaultTelemetry bool = true
@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.')
@allowed([
'allLogs'
- 'hostingEnvironmentPlatformLogs'
+ 'AppServiceEnvironmentPlatformLogs'
])
param diagnosticLogCategoriesToEnable array = [
'allLogs'
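Review bot: Dropping `'hostingEnvironmentPlatformLogs'` from `@allowed` makes any existing caller that passes it fail validation, and the commit subject ("updated module") does not say whether the old name was ever accepted by the diagnostic settings API. If it was not, a short comment above the decorator, e.g. `// category names must match the diagnostic log categories exposed by the resource`, and one line in the description would make the change self-explanatory. If it was, keeping both values in the list for a release would avoid silently breaking log collection for consumers who pin the old name. The parameter's default array continues outside the hunk.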
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md
index 10bb82ac47..181563f257 100644
--- a/modules/Microsoft.Web/hostingEnvironments/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/readme.md
@@ -46,7 +46,7 @@ This module deploys an app service environment.
| `dedicatedHostCount` | int | `0` | | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. |
| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, hostingEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. |
+| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. |
| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. |
| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. |
| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
From bc772d830fff09f47e0326d58685ba22dc046ff5 Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Fri, 3 Feb 2023 17:35:25 +1100
Subject: [PATCH 06/18] updated identity variable
---
modules/Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index dc356083af..b6e14e8919 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -174,7 +174,7 @@ var enableReferencedModulesTelemetry = false
var identity = identityType != 'None' ? {
type: identityType
userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
-} : null
+} : {}
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
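Review bot: The fallback of the `identity` variable for `identityType == 'None'` changes from `null` to `{}` with no comment saying why, and the later patches "reverted identity settings" and "restored identity change" flip the same line back to `null` and then to `{}` again. How the resource's `identity` property consumes this variable is outside the hunk, so whether an empty object without a `type` key is accepted there cannot be confirmed from here. I would add a comment above the variable, e.g. `// {} instead of null when no identity is requested`, followed by the deployment error or API behaviour that motivated it, so the next editor does not flip it again.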
From 475ddffef2cb73f04bf7f8c7c47eb5f3de81768a Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Sat, 4 Feb 2023 07:37:37 +1100
Subject: [PATCH 07/18] restored to appServiceEnvironment
---
.../deploy.bicep | 4 +--
.../configurations-networking/deploy.bicep | 4 +--
.../hostingEnvironments/deploy.bicep | 36 +++++++++----------
3 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep
index e5d1288bf5..118360ffe5 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/deploy.bicep
@@ -25,13 +25,13 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
}
}
-resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
name: hostingEnvironmentName
}
resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
name: 'customdnssuffix'
- parent: hostingEnvironment
+ parent: appServiceEnvironment
properties: {
certificateUrl: certificateUrl
keyVaultReferenceIdentity: keyVaultReferenceIdentity
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep
index fa62bbf545..320d11711e 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/deploy.bicep
@@ -28,13 +28,13 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
}
}
-resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
name: hostingEnvironmentName
}
resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
name: 'networking'
- parent: hostingEnvironment
+ parent: appServiceEnvironment
properties: {
allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
ftpEnabled: ftpEnabled
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index b6e14e8919..b36e279463 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -188,7 +188,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
}
}
-resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
name: name
kind: kind
location: location
@@ -212,10 +212,10 @@ resource hostingEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
}
}
-module hostingEnvironment_configurations_networking 'configurations-networking/deploy.bicep' = if (kind == 'ASEv3') {
- name: '${uniqueString(deployment().name, location)}-HostingEnvironment-Configurations-Networking'
+module appServiceEnvironment_configurations_networking 'configurations-networking/deploy.bicep' = if (kind == 'ASEv3') {
+ name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-Networking'
params: {
- hostingEnvironmentName: hostingEnvironment.name
+ hostingEnvironmentName: appServiceEnvironment.name
allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
ftpEnabled: ftpEnabled
inboundIpAddressOverride: inboundIpAddressOverride
@@ -224,10 +224,10 @@ module hostingEnvironment_configurations_networking 'configurations-networking/d
}
}
-module hostingEnvironment_configurations_customDnsSuffix 'configurations-customDnsSuffix/deploy.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
- name: '${uniqueString(deployment().name, location)}-HostingEnvironment-Configurations-CustomDnsSuffix'
+module appServiceEnvironment_configurations_customDnsSuffix 'configurations-customDnsSuffix/deploy.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
+ name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-CustomDnsSuffix'
params: {
- hostingEnvironmentName: hostingEnvironment.name
+ hostingEnvironmentName: appServiceEnvironment.name
certificateUrl: customDnsSuffixCertificateUrl
keyVaultReferenceIdentity: customDnsSuffixKeyVaultReferenceIdentity
dnsSuffix: customDnsSuffix
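Review bot: The module path `'configurations-customDnsSuffix/deploy.bicep'` does not match the directory casing in this patch's own file header, `configurations-customdnssuffix/deploy.bicep`. On a case-sensitive filesystem the reference would not resolve, so a build could pass on a Windows or macOS workstation and fail on Linux agents. Either reference `'configurations-customdnssuffix/deploy.bicep'` here or rename the directory so both spellings agree. The symbol rename leaves the path itself as it was, and the module body continues past the hunk.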
@@ -235,16 +235,16 @@ module hostingEnvironment_configurations_customDnsSuffix 'configurations-customD
}
}
-resource hostingEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
- name: '${hostingEnvironment.name}-${lock}-lock'
+resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) {
+ name: '${appServiceEnvironment.name}-${lock}-lock'
properties: {
level: any(lock)
notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
}
- scope: hostingEnvironment
+ scope: appServiceEnvironment
}
-resource hostingEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) {
+resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) {
name: diagnosticSettingsName
properties: {
storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
@@ -253,11 +253,11 @@ resource hostingEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSet
eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null
logs: diagnosticsLogs
}
- scope: hostingEnvironment
+ scope: appServiceEnvironment
}
-module hostingEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
- name: '${uniqueString(deployment().name, location)}-HostingEnvironment-Rbac-${index}'
+module appServiceEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
+ name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Rbac-${index}'
params: {
description: contains(roleAssignment, 'description') ? roleAssignment.description : ''
principalIds: roleAssignment.principalIds
@@ -265,18 +265,18 @@ module hostingEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep'
roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName
condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : ''
delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : ''
- resourceId: hostingEnvironment.id
+ resourceId: appServiceEnvironment.id
}
}]
@description('The resource ID of the App Service Environment.')
-output resourceId string = hostingEnvironment.id
+output resourceId string = appServiceEnvironment.id
@description('The resource group the App Service Environment was deployed into.')
output resourceGroupName string = resourceGroup().name
@description('The name of the App Service Environment.')
-output name string = hostingEnvironment.name
+output name string = appServiceEnvironment.name
@description('The location the resource was deployed into.')
-output location string = hostingEnvironment.location
+output location string = appServiceEnvironment.location
From ee4a9bef69238368e95714a92198753ff50d294f Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Sun, 5 Feb 2023 08:40:29 +1100
Subject: [PATCH 08/18] updated name prefix typo
---
.../hostingEnvironments/.test/asev3/deploy.test.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 1cf4223c9c..93bca07e4d 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -34,7 +34,7 @@ module nestedDependencies 'dependencies.bicep' = {
params: {
networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
- managedIdentityName: 'dep-<->msi-${serviceShort}'
+ managedIdentityName: 'dep-<>->msi-${serviceShort}'
keyVaultName: 'dep-<>-kv-${serviceShort}'
certDeploymentScriptName: 'dep-<>ds-${serviceShort}'
}
From 072f6acb9ff5a445f377c125181910b77f999c79 Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Sun, 5 Feb 2023 11:13:36 +1100
Subject: [PATCH 09/18] fixed namePrefix Typo
---
.../hostingEnvironments/.test/asev3/deploy.test.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 93bca07e4d..172460181a 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -34,7 +34,7 @@ module nestedDependencies 'dependencies.bicep' = {
params: {
networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}'
virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
- managedIdentityName: 'dep-<>->msi-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
keyVaultName: 'dep-<>-kv-${serviceShort}'
certDeploymentScriptName: 'dep-<>ds-${serviceShort}'
}
From d18b0ff28b3d115ab12a3ff81f8f5137604d68ed Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Sun, 5 Feb 2023 23:04:13 +1100
Subject: [PATCH 10/18] fixed typo
---
.../hostingEnvironments/.test/asev3/deploy.test.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
index 172460181a..83469c9aa7 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
@@ -36,7 +36,7 @@ module nestedDependencies 'dependencies.bicep' = {
virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
managedIdentityName: 'dep-<>-msi-${serviceShort}'
keyVaultName: 'dep-<>-kv-${serviceShort}'
- certDeploymentScriptName: 'dep-<>ds-${serviceShort}'
+ certDeploymentScriptName: 'dep-<>-ds-${serviceShort}'
}
}
From eaa8187c8ec84ea7669ae98cabc5ddb338f46386 Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Mon, 6 Feb 2023 06:49:49 +1100
Subject: [PATCH 11/18] reverted identity settings
---
modules/Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index b36e279463..b762e627ad 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -174,7 +174,7 @@ var enableReferencedModulesTelemetry = false
var identity = identityType != 'None' ? {
type: identityType
userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
-} : {}
+} : null
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
From e8450c5c57ddd9eb85abacba1ec225a10782b5aa Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Mon, 6 Feb 2023 07:41:26 +1100
Subject: [PATCH 12/18] restored identity change
---
modules/Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index b762e627ad..b36e279463 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -174,7 +174,7 @@ var enableReferencedModulesTelemetry = false
var identity = identityType != 'None' ? {
type: identityType
userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
-} : null
+} : {}
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
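Review bot: The `identity` fallback goes back to `{}` here, one commit after it was changed to `null`, and neither commit records why the empty object is required. A one-line comment above `var identity` would stop the next maintainer from flipping it again, for example `// Empty object instead of null when identityType is 'None' - required by <reason, to be filled in by the author>`. The resource that consumes `identity` is outside the hunk, so it is worth confirming that redeploying with `identityType = 'None'` and `{}` really removes a previously assigned identity rather than leaving it attached.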
From 308cee7b61ec235108f07dc33405fe602194aa86 Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Mon, 6 Feb 2023 07:50:48 +1100
Subject: [PATCH 13/18] case sensitive path
From 162213cca8a9d40e45e410bcfe39e1a422645caa Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Mon, 6 Feb 2023 08:01:46 +1100
Subject: [PATCH 14/18] update documentation
---
modules/Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +-
modules/Microsoft.Web/hostingEnvironments/readme.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index b36e279463..84f044740f 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -52,7 +52,7 @@ param dnsSuffix string = ''
@description('Optional. Scale factor for frontends.')
param frontEndScaleFactor int = 15
-@description('Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing.')
+@description('Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address.')
@allowed([
'None'
'Web'
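Review bot: The sentence added to the `internalLoadBalancingMode` description says that "None" puts the ASE-hosted apps on an internet-accessible address, and the readme row changed in this same commit lists `'None'` as the default, so a caller who leaves the parameter unset gets the exposed mode. The description should say so directly, for example `"None" (the default) exposes the ASE-hosted apps on an internet-accessible IP address; set "Web, Publishing" for an internal-only environment.`, and it is worth considering whether the default should be an internal mode instead. The `param` line and the rest of the `@allowed` list are outside the hunk, so the default is taken from the readme table rather than from this file. "Exposes" is also capitalised mid-sentence.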
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md
index 181563f257..91b2e9d9df 100644
--- a/modules/Microsoft.Web/hostingEnvironments/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/readme.md
@@ -56,7 +56,7 @@ This module deploys an app service environment.
| `frontEndScaleFactor` | int | `15` | | Scale factor for frontends. |
| `ftpEnabled` | bool | `False` | | Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. |
| `inboundIpAddressOverride` | string | `''` | | Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. |
-| `internalLoadBalancingMode` | string | `'None'` | `[None, Publishing, Web, Web, Publishing]` | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. |
+| `internalLoadBalancingMode` | string | `'None'` | `[None, Publishing, Web, Web, Publishing]` | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. |
| `ipsslAddressCount` | int | `0` | | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. |
| `kind` | string | `'ASEv3'` | `[ASEv2, ASEv3]` | Kind of resource. |
| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
From 036cefbd23775c3dc33851a729339e59e9662dfd Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Mon, 6 Feb 2023 08:05:10 +1100
Subject: [PATCH 15/18] Updated custom dns suffix path
---
modules/Microsoft.Web/hostingEnvironments/deploy.bicep | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
index 84f044740f..61432c973c 100644
--- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep
@@ -224,7 +224,7 @@ module appServiceEnvironment_configurations_networking 'configurations-networkin
}
}
-module appServiceEnvironment_configurations_customDnsSuffix 'configurations-customDnsSuffix/deploy.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
+module appServiceEnvironment_configurations_customDnsSuffix 'configurations-customdnssuffix/deploy.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-CustomDnsSuffix'
params: {
hostingEnvironmentName: appServiceEnvironment.name
From 3e9389aed5fe7f2ab83f4179bb017577093527ab Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Tue, 7 Feb 2023 16:12:28 +1100
Subject: [PATCH 16/18] Apply suggestions from code review
Co-authored-by: Alexander Sehr
---
.../configurations-customdnssuffix/readme.md | 4 ++--
.../hostingEnvironments/configurations-networking/readme.md | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
index 60bdd509f1..6ecadb222c 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
@@ -1,6 +1,6 @@
-# Web HostingEnvironments Configurations-customdnssuffix `[Microsoft.Web/hostingEnvironments/configurations-customdnssuffix]`
+# Hosting Environment Custom DNS Suffix Configuration `[Microsoft.Web/hostingEnvironments/configurations-customdnssuffix]`
-This module deploys Web HostingEnvironments Configurations-customdnssuffix.
+This module deploys a Custom DNS Suffix Configuration for Hosting Environments.
## Navigation
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
index 189b62c6c7..7dafb9d262 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
@@ -1,6 +1,6 @@
-# Web HostingEnvironments Configurations-networking `[Microsoft.Web/hostingEnvironments/configurations-networking]`
+# Hosting Environment Network Configuration `[Microsoft.Web/hostingEnvironments/configurations-networking]`
-This module deploys Web HostingEnvironments Configurations-networking.
+This module deploys a Network Configuration for Hosting Environments.
## Navigation
From 2737a7b1f650fee8b38241b7b3d72291cb39a0f9 Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Tue, 7 Feb 2023 16:32:02 +1100
Subject: [PATCH 17/18] updated documentation
---
.../hostingEnvironments/configurations-networking/readme.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
index 7dafb9d262..965e8f3c1e 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
@@ -1,4 +1,4 @@
-# Hosting Environment Network Configuration `[Microsoft.Web/hostingEnvironments/configurations-networking]`
+# Hosting Environment Network Configuration `[Microsoft.Web/hostingEnvironments/configurations-networking]`
This module deploys a Network Configuration for Hosting Environments.
From b8e0c09519f3d1e759d2963fb35997e99ee6f0ab Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Sat, 18 Feb 2023 09:06:28 +1100
Subject: [PATCH 18/18] Aligned to new shared scripts model
---
.../.scripts/Set-CertificateInKeyVault.ps1 | 14 +++++--
.../.test/.scripts/New-Certificate.ps1 | 40 -------------------
.../.test/asev3/dependencies.bicep | 4 +-
.../configurations-customdnssuffix/readme.md | 2 +-
.../configurations-networking/readme.md | 2 +-
.../hostingEnvironments/readme.md | 3 +-
6 files changed, 16 insertions(+), 49 deletions(-)
delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1
diff --git a/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 b/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1
index 18028cc9ea..5f9bafaef5 100644
--- a/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1
+++ b/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1
@@ -11,17 +11,23 @@ Mandatory. The name of the Key Vault to add a new certificate to, or fetch the s
.PARAMETER CertName
Mandatory. The name of the certificate to generate or fetch the secret reference from
+.PARAMETER CertSubjectName
+Optional. The subject distinguished name is the name of the user of the certificate. The distinguished name for the certificate is a textual representation of the subject or issuer of the certificate. Default name is "CN=fabrikam.com"
+
.EXAMPLE
-./Set-CertificateInKeyVault.ps1 -KeyVaultName 'myVault' -CertName 'myCert'
+./Set-CertificateInKeyVault.ps1 -KeyVaultName 'myVault' -CertName 'myCert' -CertSubjectName 'CN=fabrikam.com'
-Generate a new Key Vault Certificate or fetch its secret reference if already existing as 'myCert' in Key Vault 'myVault'
+Generate a new Key Vault Certificate with the default or provided subject name, or fetch its secret reference if already existing as 'myCert' in Key Vault 'myVault'
#>
param(
[Parameter(Mandatory = $true)]
[string] $KeyVaultName,
[Parameter(Mandatory = $true)]
- [string] $CertName
+ [string] $CertName,
+
+ [Parameter(Mandatory = $false)]
+ [string] $CertSubjectName = 'CN=fabrikam.com'
)
$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'SilentlyContinue'
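Review bot: The new `$CertSubjectName` parameter is not validated, so an explicitly empty value (for instance from an empty interpolation in a Bicep `arguments` string) would only be rejected later, when the certificate policy is built or submitted. Adding `[ValidateNotNullOrEmpty()]` above `[string] $CertSubjectName = 'CN=fabrikam.com'` makes the script fail at parameter binding with a clear message. The `.PARAMETER CertSubjectName` help could also be shortened to a single sentence stating that it is the subject distinguished name of the generated certificate and what the default is.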
@@ -29,7 +35,7 @@ $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertNam
if (-not $certificate) {
$policyInputObject = @{
SecretContentType = 'application/x-pkcs12'
- SubjectName = 'CN=fabrikam.com'
+ SubjectName = $CertSubjectName
IssuerName = 'Self'
ValidityInMonths = 12
ReuseKeyOnRenewal = $true
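Review bot: With `SubjectName = $CertSubjectName` the subject now depends on the caller, but the policy is only built inside `if (-not $certificate)`. When a certificate named `$CertName` already exists, its secret reference is returned whatever subject it carries, and the requested subject is silently ignored. For a shared script this can hand a consumer a certificate issued for a different name than it asked for. A check before that branch, such as `if ($certificate -and $certificate.Certificate.Subject -ne $CertSubjectName) { Write-Warning 'Existing certificate subject differs from -CertSubjectName' }`, would surface the mismatch; the comparison may need normalising, since the stored subject string can be formatted differently. The rest of the script is outside the hunk, so an existing check further down cannot be ruled out.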
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1
deleted file mode 100644
index 2134d50f10..0000000000
--- a/modules/Microsoft.Web/hostingEnvironments/.test/.scripts/New-Certificate.ps1
+++ /dev/null
@@ -1,40 +0,0 @@
-param(
- [string] $KeyVaultName,
- [string] $CertName
-)
-
-$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop'
-
-if (-not $certificate) {
- $policyInputObject = @{
- SecretContentType = 'application/x-pkcs12'
- SubjectName = 'CN=*.internal.contoso.com'
- IssuerName = 'Self'
- ValidityInMonths = 12
- ReuseKeyOnRenewal = $true
- }
- $certPolicy = New-AzKeyVaultCertificatePolicy @policyInputObject
-
- $null = Add-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -CertificatePolicy $certPolicy
- Write-Verbose ('Initiated creation of certificate [{0}] in key vault [{1}]' -f $CertName, $KeyVaultName) -Verbose
-
- while (-not (Get-AzKeyVaultCertificateOperation -VaultName $KeyVaultName -Name $CertName).Status -eq 'completed') {
- Write-Verbose 'Waiting 10 seconds for certificate creation' -Verbose
- Start-Sleep 10
- }
-
- Write-Verbose 'Certificate created' -Verbose
-}
-
-$secretId = $certificate.SecretId
-while ([String]::IsNullOrEmpty($secretId)) {
- Write-Verbose 'Waiting 10 seconds until certificate can be fetched' -Verbose
- Start-Sleep 10
- $certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop'
- $secretId = $certificate.SecretId
-}
-
-# Write into Deployment Script output stream
-$DeploymentScriptOutputs = @{
- secretUrl = $secretId
-}
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
index d645cc108d..74137cddf1 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
@@ -117,8 +117,8 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01'
properties: {
azPowerShellVersion: '8.0'
retentionInterval: 'P1D'
- arguments: '-KeyVaultName "${keyVault.name}" -CertName "asev3certificate"'
- scriptContent: loadTextContent('../.scripts/New-Certificate.ps1')
+ arguments: '-KeyVaultName "${keyVault.name}" -CertName "asev3certificate" -CertSubjectName "CN=*.internal.contoso.com"'
+ scriptContent: loadTextContent('../../../../.shared/.scripts/Set-CertificateInKeyVault.ps1')
}
}
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
index 6ecadb222c..a38247f30c 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-customdnssuffix/readme.md
@@ -13,7 +13,7 @@ This module deploys a Custom DNS Suffix Configuration for Hosting Environments.
| Resource Type | API Version |
| :-- | :-- |
-| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
## Parameters
diff --git a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
index 965e8f3c1e..e395c507a8 100644
--- a/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/configurations-networking/readme.md
@@ -13,7 +13,7 @@ This module deploys a Network Configuration for Hosting Environments.
| Resource Type | API Version |
| :-- | :-- |
-| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
## Parameters
diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md
index b267df17ce..d6338708bd 100644
--- a/modules/Microsoft.Web/hostingEnvironments/readme.md
+++ b/modules/Microsoft.Web/hostingEnvironments/readme.md
@@ -17,7 +17,8 @@ This module deploys an app service environment.
| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Web/hostingEnvironments` | [2021-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/hostingEnvironments) |
+| `Microsoft.Web/hostingEnvironments` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/hostingEnvironments) |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
## Parameters