feat: Update avm/res/web/static-site - Add additional param for publicNetworkAccess
#4286
+54
−7
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,7 +6,7 @@ | |
| "_generator": { | ||
| "name": "bicep", | ||
| "version": "0.32.4.45862", | ||
| "templateHash": "11046224615249635639" | ||
| }, | ||
| "name": "Static Web Apps", | ||
| "description": "This module deploys a Static Web App." | ||
|
|
@@ -572,6 +572,13 @@ | |
| "metadata": { | ||
| "description": "Optional. The custom domains associated with this static site. The deployment will fail as long as the validation records are not present." | ||
| } | ||
| }, | ||
| "publicNetworkAccess": { | ||
| "type": "string", | ||
| "defaultValue": "Disabled", | ||
| "metadata": { | ||
| "description": "Optional. The public network access settings for the static site. `Disabled` is configured by default." | ||
| } | ||
| } | ||
| }, | ||
| "variables": { | ||
|
|
@@ -617,7 +624,7 @@ | |
| }, | ||
| "staticSite": { | ||
| "type": "Microsoft.Web/staticSites", | ||
| "apiVersion": "2024-04-01", | ||
| "name": "[parameters('name')]", | ||
| "location": "[parameters('location')]", | ||
| "tags": "[parameters('tags')]", | ||
|
|
@@ -635,7 +642,8 @@ | |
| "buildProperties": "[parameters('buildProperties')]", | ||
| "repositoryToken": "[parameters('repositoryToken')]", | ||
| "repositoryUrl": "[parameters('repositoryUrl')]", | ||
| "templateProperties": "[parameters('templateProperties')]", | ||
| "publicNetworkAccess": "[parameters('publicNetworkAccess')]" | ||
| } | ||
| }, | ||
| "staticSite_lock": { | ||
|
|
@@ -1851,14 +1859,14 @@ | |
| "metadata": { | ||
| "description": "The principal ID of the system assigned identity." | ||
| }, | ||
| "value": "[tryGet(tryGet(reference('staticSite', '2024-04-01', 'full'), 'identity'), 'principalId')]" | ||
| }, | ||
| "location": { | ||
| "type": "string", | ||
| "metadata": { | ||
| "description": "The location the resource was deployed into." | ||
| }, | ||
| "value": "[reference('staticSite', '2024-04-01', 'full').location]" | ||
| }, | ||
| "defaultHostname": { | ||
| "type": "string", | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Leveraging the PR to trigger a discussion about this setting in general and current implementation across the library.
I see the inconsistency is strong with this one.
In CARML we started disabling publicNetworkAccess within the resource implementation instead of through its default value, and only in case private endpoint is enabled. This is still the current implementation for multiple modules, such as for example storage-account
The reasoning behind was that it won't be useful to disable public network access by default if private endpoint is not configured. In these cases the default value is set to empty
''.Meanwhile, many other resource modules are now disabling publicNetworkAccess by default via default values in AVM. An example is RSV. In these cases the default value is set to
Disabled.Needless to say, we also have cases where the default value is set to
Enabled.I think it would be nice to align the behavior.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could imagine that some resources may have PSRule tests that request one or the other. Don't have an example at hand though (for RSV, for example, this test does not exist, so I guess the person implementing the parameter simply decided that it would be a good solution).
One added caveat is that aside from PEs, one could also navigate to a resource like a storage account using service endpoints, making the matter even harder to define a default for.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am about t commit another push to this which updates it to the same configuration as we use for PaaS Services, but I am removing
networkaclas this is not supportted for this resource