-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
RequireLatestTls_FunctionApp_Slot_DINE.json
101 lines (101 loc) · 3.13 KB
/
RequireLatestTls_FunctionApp_Slot_DINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
{
"properties": {
"displayName": "Configure Function app slots to use the latest TLS version",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.",
"metadata": {
"version": "1.1.0",
"category": "App Service"
},
"version": "1.1.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "DeployIfNotExists",
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/sites/slots"
},
{
"field": "kind",
"contains": "functionapp"
},
{
"field": "kind",
"notContains": "workflowapp"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Web/sites/slots/config",
"name": "web",
"existenceCondition": {
"field": "Microsoft.Web/sites/slots/config/minTlsVersion",
"equals": "1.2"
},
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772"
],
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"siteName": {
"value": "[field('name')]"
},
"siteId": {
"value": "[field('id')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string"
},
"siteId": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/sites/slots/config",
"apiVersion": "2021-02-01",
"name": "[format('{0}/{1}/web', split(parameters('siteId'),'/')[8], parameters('siteName'))]",
"properties": {
"minTlsVersion": "1.2"
}
}
],
"outputs": {}
}
}
}
}
}
},
"versions": [
"1.1.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063",
"name": "fa3a6357-c6d6-4120-8429-855577ec0063"
}