Home > OS >  Azure Bicep - unable to set ipSecurityRestrictions
Azure Bicep - unable to set ipSecurityRestrictions

Time:10-26

I have the following resource defined in a bicep module for the setting of function app config:

resource functionAppAppsettings 'Microsoft.Web/sites/config@2018-11-01' = {
  name: '${functionAppName}/appsettings'
  properties: {
    AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccountId, '2019-06-01').keys[0].value}'
    WEBSITE_CONTENTAZUREFILECONNECTIONSTRING: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccountId, '2019-06-01').keys[0].value}'
    FUNCTIONS_EXTENSION_VERSION: '~3'
    FUNCTIONS_WORKER_RUNTIME: 'dotnet'
    APPINSIGHTS_INSTRUMENTATIONKEY: appInsightsKey
    WEBSITE_CONTENTSHARE: toLower(functionAppName)
    ipSecurityRestrictions: [
      {
        ipAddress: '${pcPublicIp}/32'
        action: 'Allow'
        tag: 'Default'
        priority: 101
        name: 'laptop ip'
        description: 'Allow requests from test laptop'
      }
    ]
  }
}

If I comment out the ipSecurityRestrictions block then it works ok but with it in, I get the following error:

"Code": "BadRequest",
  "Message": "The parameter properties has an invalid value.",
  "Target": null,
  "Details": [
    {
      "Message": "The parameter properties has an invalid value."
    },
    {
      "Code": "BadRequest"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "51008",
        "MessageTemplate": "The parameter {0} has an invalid value.",
        "Parameters": [
          "properties"
        ],
        "Code": "BadRequest",
        "Message": "The parameter properties has an invalid value."
      }
    }

The pcPublicIp variable is a string containing a ip v4 address.

Can you anyone see what I have wrong?

CodePudding user response:

You would need to use a web config section to configure ipSecurityRestrictions (see documentation):

resource functionApp 'Microsoft.Web/sites@2018-11-01' existing = {
  name: functionAppName
}

// Web
resource webConfig 'Microsoft.Web/sites/config@2018-11-01' = {
  parent: functionApp
  name: 'web'
  properties: {
    ipSecurityRestrictions: [
      {
        ipAddress: '${pcPublicIp}/32'
        action: 'Allow'
        tag: 'Default'
        priority: 101
        name: 'laptop ip'
        description: 'Allow requests from test laptop'
      }
    ]
  }
}

// AppSettings
resource appSettings 'Microsoft.Web/sites/config@2018-11-01' = {
  parent: functionApp
  name: 'appsettings'
  properties: {
    AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccountId, '2019-06-01').keys[0].value}'
    WEBSITE_CONTENTAZUREFILECONNECTIONSTRING: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccountId, '2019-06-01').keys[0].value}'
    FUNCTIONS_EXTENSION_VERSION: '~3'
    FUNCTIONS_WORKER_RUNTIME: 'dotnet'
    APPINSIGHTS_INSTRUMENTATIONKEY: appInsightsKey
    WEBSITE_CONTENTSHARE: toLower(functionApp.name)
  }
}

Page link:https//www.codepudding.com/os/589079.html

Prev:How do I calculate the cost of Azure Synapse Analytics?
Next:Span tag not moving upward when clicked on it
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding