update according to comments

2023-03-27 13:34:34 +08:00
parent bd9b6181d1
commit 0c13ff9e53
6 changed files with 19 additions and 156 deletions
--- a/infra/core/database/sqlserver/sqlserver.bicep
+++ b/infra/core/database/sqlserver/sqlserver.bicep
@@ -33,7 +33,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  resource firewall 'firewallRules' = {
    name: 'Azure Services'
    properties: {
-      // Allow all clients 
+      // Allow all clients
      // Note: range [0.0.0.0-0.0.0.0] means "allow all Azure-hosted clients only".
      // This is not sufficient, because we also want to allow direct access from developer machine, for debugging purposes.
      startIpAddress: '0.0.0.1'
@@ -127,4 +127,3 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
 var connectionString = 'Server=${sqlServer.properties.fullyQualifiedDomainName}; Database=${sqlServer::database.name}; User=${appUser}'
 output connectionStringKey string = connectionStringKey
 output databaseName string = sqlServer::database.name
-output connectionString string = connectionString
--- a/infra/core/host/appservice.bicep
+++ b/infra/core/host/appservice.bicep
@@ -32,6 +32,8 @@ param minimumElasticInstanceCount int = -1
 param numberOfWorkers int = -1
 param scmDoBuildDuringDeployment bool = false
 param use32BitWorkerProcess bool = false
+param ftpsState string = 'FtpsOnly'
+param healthCheckPath string = ''

 resource appService 'Microsoft.Web/sites@2022-03-01' = {
  name: name
@@ -43,12 +45,14 @@ resource appService 'Microsoft.Web/sites@2022-03-01' = {
    siteConfig: {
      linuxFxVersion: linuxFxVersion
      alwaysOn: alwaysOn
-      ftpsState: 'FtpsOnly'
+      ftpsState: ftpsState
+      minTlsVersion: '1.2'
      appCommandLine: appCommandLine
      numberOfWorkers: numberOfWorkers != -1 ? numberOfWorkers : null
      minimumElasticInstanceCount: minimumElasticInstanceCount != -1 ? minimumElasticInstanceCount : null
      use32BitWorkerProcess: use32BitWorkerProcess
      functionAppScaleLimit: functionAppScaleLimit != -1 ? functionAppScaleLimit : null
+      healthCheckPath: healthCheckPath
      cors: {
        allowedOrigins: union([ 'https://portal.azure.com', 'https://ms.portal.azure.com' ], allowedOrigins)
      }
--- a/infra/core/security/keyvault-access.bicep
+++ b/infra/core/security/keyvault-access.bicep
@@ -1,6 +1,6 @@
 param name string = 'add'

-param keyVaultName string = ''
+param keyVaultName string
 param permissions object = { secrets: [ 'get', 'list' ] }
 param principalId string