[App Service] az functionapp/logicapp create: Add new --https-only parameter #23213

Merged
merged 17 commits into from
Jul 26, 2022
Changes from 13 commits
2 changes: 1 addition & 1 deletion src/azure-cli-core/azure/cli/core/profiles/_shared.py
Expand Up @@ -235,7 +235,7 @@ def default_api_version(self):
'subscription_diagnostic_settings': '2017-05-01-preview'
}),
ResourceType.MGMT_MSI: '2021-09-30-preview',
ResourceType.MGMT_APPSERVICE: '2021-03-01',
ResourceType.MGMT_APPSERVICE: '2022-03-01',
ResourceType.MGMT_IOTHUB: '2021-07-02',
ResourceType.MGMT_IOTDPS: '2021-10-15',
ResourceType.MGMT_IOTCENTRAL: '2021-11-01-preview',
Original file line number Diff line number Diff line change
Expand Up @@ -153,8 +153,6 @@ def load_arguments(self, _):
local_context_attribute=LocalContextAttribute(name='plan_name', actions=[LocalContextAction.GET]))
c.argument('vnet', help="Name or resource ID of the regional virtual network. If there are multiple vnets of the same name across different resource groups, use vnet resource id to specify which vnet to use. If vnet name is used, by default, the vnet in the same resource group as the webapp will be used. Must be used with --subnet argument.")
c.argument('subnet', help="Name or resource ID of the pre-existing subnet to have the webapp join. The --vnet is argument also needed if specifying subnet by name.")
c.argument('https_only', help="Redirect all traffic made to an app using HTTP to HTTPS.",
arg_type=get_three_state_flag(return_label=True))
c.ignore('language')
c.ignore('using_webapp_up')

Expand Down Expand Up @@ -234,6 +232,8 @@ def load_arguments(self, _):
c.argument('deployment_source_branch', options_list=['--deployment-source-branch', '-b'],
help='the branch to deploy')
c.argument('tags', arg_type=tags_type)
c.argument('https_only', help="Redirect all traffic made to an app using HTTP to HTTPS.",
arg_type=get_three_state_flag())
Contributor


should the return_label be TRUE here - since this change will impact webapp up where we default this to True?

Contributor Author


I've tested this and return_label=True causes broken behavior when the user calls this as --https-only false. Having return_label=True results in the value being passed as a string (ie "true" or "false") instead of a boolean value (True or False). This behavior is explained in the documentation in the screenshot below. The result is that if we had return_label=True and the user called the command with --https-only false, they would have a webapp with httpsOnly true.

I just double-checked this and it doesn't impact webapps created with az webapp up -- they still are httpsOnly by default:
Screen Shot 2022-07-25 at 12 48 11 PM

Documentation for the return_label argument:
Screen Shot 2022-07-25 at 12 38 11 PM


for scope in ['webapp', 'functionapp']:
with self.argument_context(scope) as c:
Original file line number Diff line number Diff line change
Expand Up @@ -336,7 +336,7 @@ def validate_vnet_integration(cmd, namespace):
resource_group_name=namespace.resource_group_name)

sku_name = plan_info.sku.name
disallowed_skus = {'FREE', 'SHARED', 'BASIC', 'ElasticPremium', 'PremiumContainer', 'Isolated', 'IsolatedV2'}
disallowed_skus = {'FREE', 'SHARED', 'PremiumContainer', 'Isolated', 'IsolatedV2'}
Contributor


Can we confirm with the function apps team that this list is accurate?

Contributor Author


We confirmed this on the original email thread with the functions team that prompted this change

if get_sku_tier(sku_name) in disallowed_skus:
raise ArgumentUsageError("App Service Plan has invalid sku for vnet integration: {}."
"Plan sku cannot be one of: {}. "
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@ def create_domain(cmd, resource_group_name, hostname, contact_info, privacy=True
except:
raise CLIError("Unable to get IP address")

web_client = web_client_factory(cmd.cli_ctx)
# TODO remove api_version when Microsoft.DomainRegistration supports a later version
web_client = web_client_factory(cmd.cli_ctx, api_version="2021-01-15")
hostname_availability = web_client.domains.check_availability(NameIdentifier(name=hostname))
StrawnSC marked this conversation as resolved.

if not hostname_availability.available:
11 changes: 7 additions & 4 deletions src/azure-cli/azure/cli/command_modules/appservice/custom.py
Expand Up @@ -2670,7 +2670,8 @@ def delete_ssl_cert(cmd, resource_group_name, certificate_thumbprint):

def import_ssl_cert(cmd, resource_group_name, name, key_vault, key_vault_certificate_name):
Certificate = cmd.get_models('Certificate')
client = web_client_factory(cmd.cli_ctx)
# TODO remove api_version when Microsoft.CertificateRegistration supports a later version
client = web_client_factory(cmd.cli_ctx, api_version="2021-01-15")
Contributor

@zhoxing-ms zhoxing-ms Jul 25, 2022


@StrawnSC May I ask why Microsoft.DomainRegistration and Microsoft.CertificateRegistration don't support the new api-version as ResourceType.MGMT_APPSERVICE?
If the supported api-version between them and ResourceType.MGMT_APPSERVICE are independent of each other, I suggest setting the sub configurations for them separately in the _shared.py, just like

ResourceType.MGMT_COMPUTE: SDKProfile('2022-03-01', {
'resource_skus': '2019-04-01',
'disks': '2022-03-02',
'disk_encryption_sets': '2022-03-02',
'disk_accesses': '2020-05-01',
'snapshots': '2021-12-01',
'galleries': '2021-10-01',
'gallery_images': '2021-10-01',
'gallery_image_versions': '2021-10-01',
'gallery_applications': '2021-07-01',
'gallery_application_versions': '2022-01-03',
'shared_galleries': '2022-01-03',
'virtual_machine_scale_sets': '2022-03-01',
}),

Contributor Author


The App Service certs and domains back end team just released the new API version, so I just removed all the places where I was hardcoding the API version in the client

Contributor


@StrawnSC May I ask why Microsoft.DomainRegistration and Microsoft.CertificateRegistration don't support the new api-version as ResourceType.MGMT_APPSERVICE? If the supported api-version between them and ResourceType.MGMT_APPSERVICE are independent of each other, I suggest setting the sub configurations for them separately in the _shared.py, just like

ResourceType.MGMT_COMPUTE: SDKProfile('2022-03-01', {
'resource_skus': '2019-04-01',
'disks': '2022-03-02',
'disk_encryption_sets': '2022-03-02',
'disk_accesses': '2020-05-01',
'snapshots': '2021-12-01',
'galleries': '2021-10-01',
'gallery_images': '2021-10-01',
'gallery_image_versions': '2021-10-01',
'gallery_applications': '2021-07-01',
'gallery_application_versions': '2022-01-03',
'shared_galleries': '2022-01-03',
'virtual_machine_scale_sets': '2022-03-01',
}),

@zhoxing-ms this was a temporary change, while we were waiting on ARM manifest update for the new API version to complete across all locations & get the initial code review unblocked.

webapp = client.web_apps.get(resource_group_name, name)
if not webapp:
raise ResourceNotFoundError("'{}' app doesn't exist in resource group {}".format(name, resource_group_name))
Expand Down Expand Up @@ -2709,8 +2710,10 @@ def import_ssl_cert(cmd, resource_group_name, name, key_vault, key_vault_certifi
subscription_id = get_subscription_id(cmd.cli_ctx)
if cloud_type.lower() == PUBLIC_CLOUD.lower():
if kv_subscription.lower() != subscription_id.lower():
# TODO remove api_version when Microsoft.CertificateRegistration supports a later version
diff_subscription_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_APPSERVICE,
subscription_id=kv_subscription)
subscription_id=kv_subscription,
api_version="2021-01-15")
ascs = diff_subscription_client.app_service_certificate_orders.list()
else:
ascs = client.app_service_certificate_orders.list()
Expand Down Expand Up @@ -3415,7 +3418,7 @@ def create_functionapp(cmd, resource_group_name, name, storage_account, plan=Non
deployment_source_branch='master', deployment_local_git=None,
docker_registry_server_password=None, docker_registry_server_user=None,
deployment_container_image_name=None, tags=None, assign_identities=None,
role='Contributor', scope=None, vnet=None, subnet=None):
role='Contributor', scope=None, vnet=None, subnet=None, https_only=False):
# pylint: disable=too-many-statements, too-many-branches
if functions_version is None:
logger.warning("No functions version specified so defaulting to 3. In the future, specifying a version will "
Expand Down Expand Up @@ -3462,7 +3465,7 @@ def create_functionapp(cmd, resource_group_name, name, storage_account, plan=Non
subnet_resource_id = None

functionapp_def = Site(location=None, site_config=site_config, tags=tags,
virtual_network_subnet_id=subnet_resource_id)
virtual_network_subnet_id=subnet_resource_id, https_only=https_only)

plan_info = None
if runtime is not None:
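Review bot: In the `create_functionapp` signature the new parameter is `https_only=False`, so a function app created without `--https-only` still serves plain HTTP, and the same default is added to `create_logicapp` further down the page. Flipping the default to `True` would change behaviour for existing scripts, so the less disruptive step is to tell the user at creation time, for example `if not https_only: logger.warning("HTTPS-only is not enabled; the app will also accept plain HTTP. Use --https-only true to enforce HTTPS.")` placed before the `Site(...)` call. `logger` is already used in this function (the functions-version warning), but the body of `create_functionapp` continues outside these hunks, so the exact placement needs checking against the full file.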
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def create_logicapp(cmd, resource_group_name, name, storage_account, plan=None,
app_insights=None, app_insights_key=None, disable_app_insights=None,
deployment_source_url=None, deployment_source_branch='master', deployment_local_git=None,
docker_registry_server_password=None, docker_registry_server_user=None,
deployment_container_image_name=None, tags=None):
deployment_container_image_name=None, tags=None, https_only=False):
# pylint: disable=too-many-statements, too-many-branches, too-many-locals
functions_version = DEFAULT_LOGICAPP_FUNCTION_VERSION
runtime = None
Expand All @@ -65,7 +65,7 @@ def create_logicapp(cmd, resource_group_name, name, storage_account, plan=None,
deployment_container_image_name)

site_config = SiteConfig(app_settings=[])
logicapp_def = Site(location=None, site_config=site_config, tags=tags)
logicapp_def = Site(location=None, site_config=site_config, tags=tags, https_only=https_only)
client = web_client_factory(cmd.cli_ctx)
plan_info = None
if runtime is not None: