@@ -127,6 +127,10 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = {
127127 }
128128}
129129
130+ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2022-09-01' = if (EnablePrivateNetworking != true || EnableElasticPremiumPlan == true ) {
131+ name : '${storageAccount .name }/default/${toLower (FunctionAppName )}'
132+ }
133+
130134resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2022-09-01' = {
131135 name : '${storageAccount .name }/default/dlpqueue'
132136}
@@ -307,29 +311,70 @@ var appSettingsFiles = [
307311 name : 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
308312 value : 'DefaultEndpointsProtocol=https;AccountName=${StorageAccountName };EndpointSuffix=${environment ().suffixes .storage };AccountKey=${storageAccount .listKeys ().keys [0 ].value }'
309313 }
314+ {
315+ name : 'WEBSITE_CONTENTSHARE'
316+ value : toLower (FunctionAppName )
317+ }
310318]
311319
312320var appSettingsFilesKv = [
313321 {
314322 name : 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
315323 value : '@Microsoft.KeyVault(VaultName=${KeyVaultName };SecretName=StorageAccountConnectionString)'
316324 }
325+ {
326+ name : 'WEBSITE_CONTENTSHARE'
327+ value : toLower (FunctionAppName )
328+ }
317329]
318330
319- module functionAppDeploy 'modules/functionApp.bicep' = {
320- name : 'functionAppDeploy'
321- params : {
322- AppSettings : concat (appSettingsDefault , EnablePrivateNetworking != true || EnableElasticPremiumPlan == true ? appSettingsFiles : [])
323- EnablePrivateNetworking : EnablePrivateNetworking
324- FunctionAppName : FunctionAppName
325- FunctionAppSubnetId : EnablePrivateNetworking == true ? privateNetwork .outputs .functionAppSubnetId : ''
326- HostingPlanId : hostingPlan .id
327- Location : location
328- UserAssignedMiId : userAssignedMi .id
329- DeployFunctionCode : DeployFunctionCode
330- UserAssignedMiPrincipalId : userAssignedMi .properties .principalId
331- RoleIdOwner : roleIdOwner
332- AlwaysOn : EnablePrivateNetworking != true || EnableElasticPremiumPlan == true ? false : true
331+ resource functionApp 'Microsoft.Web/sites@2024-04-01' = {
332+ name : FunctionAppName
333+ location : location
334+ identity : {
335+ type : 'UserAssigned'
336+ userAssignedIdentities : {
337+ '${userAssignedMi .id }' : {}
338+ }
339+ }
340+ kind : 'functionapp'
341+ properties : {
342+ serverFarmId : hostingPlan .id
343+ keyVaultReferenceIdentity : userAssignedMi .id
344+ httpsOnly : true
345+ clientCertEnabled : true
346+ clientCertMode : 'OptionalInteractiveUser'
347+ virtualNetworkSubnetId : EnablePrivateNetworking == true ? privateNetwork .outputs .functionAppSubnetId : (null )
348+ vnetContentShareEnabled : EnablePrivateNetworking == true ? true : false
349+ vnetRouteAllEnabled : EnablePrivateNetworking == true ? true : false
350+ siteConfig : {
351+ appSettings : concat (appSettingsDefault , EnablePrivateNetworking != true || EnableElasticPremiumPlan == true ? appSettingsFiles : [])
352+ powerShellVersion : '7.4'
353+ minTlsVersion : '1.2'
354+ ftpsState : 'Disabled'
355+ http20Enabled : true
356+ alwaysOn : EnablePrivateNetworking != true || EnableElasticPremiumPlan == true ? false : true
357+ publicNetworkAccess : 'Enabled'
358+ cors : {
359+ allowedOrigins : [
360+ 'https://portal.azure.com'
361+ ]
362+ }
363+ }
364+ }
365+ dependsOn : [
366+ fileShare
367+ queue
368+ ]
369+ }
370+
371+ resource roleAssignmentFa 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (DeployFunctionCode == true ) {
372+ name : guid (subscription ().id , resourceGroup ().id , userAssignedMi .id )
373+ scope : functionApp
374+ properties : {
375+ principalId : userAssignedMi .properties .principalId
376+ roleDefinitionId : roleIdOwner
377+ principalType : 'ServicePrincipal'
333378 }
334379}
335380
@@ -343,13 +388,10 @@ module functionAppDeployFilesKv 'modules/functionApp.bicep' = if(EnablePrivateNe
343388 HostingPlanId : hostingPlan .id
344389 Location : location
345390 UserAssignedMiId : userAssignedMi .id
346- DeployFunctionCode : DeployFunctionCode
347- UserAssignedMiPrincipalId : userAssignedMi .properties .principalId
348- RoleIdOwner : roleIdOwner
349391 AlwaysOn : false
350392 }
351393 dependsOn : [
352- functionAppDeploy
394+ functionApp
353395 ]
354396}
355397
@@ -393,7 +435,7 @@ module sentinelRules 'modules/sentinelRules.bicep' = if (DeployAnalyticsRules ==
393435 scope : resourceGroup (split (law .id , '/' )[2 ], split (law .id , '/' )[4 ])
394436 dependsOn : [
395437 createCustomTables
396- functionAppDeploy
438+ functionApp
397439 purviewDLPFunction
398440 ]
399441 params : {
@@ -407,7 +449,7 @@ module sentinelWorkbooks 'modules/sentinelWorkbooks.bicep' = if(DeployWorkbooks
407449 scope : resourceGroup (split (law .id , '/' )[2 ], split (law .id , '/' )[4 ])
408450 dependsOn : [
409451 createCustomTables
410- functionAppDeploy
452+ functionApp
411453 ]
412454 params : {
413455 workbookSourceId : law .id
@@ -429,6 +471,7 @@ module privateNetwork 'modules/privateNetwork.bicep' = if(EnablePrivateNetworkin
429471 PrivateEndpointsSubnet : PrivateEndpointsSubnet
430472 PrincipalId : userAssignedMi .properties .principalId
431473 DeployCode : DeployFunctionCode
474+ EnableElasticPremiumPlan : EnableElasticPremiumPlan
432475 }
433476}
434477
@@ -437,7 +480,7 @@ module functionAppPe 'modules/functionAppPE.bicep' = if(EnablePrivateNetworking
437480 name : 'functionAppPe'
438481 params : {
439482 location : location
440- FunctionAppId : functionAppDeploy . outputs . functionAppId
483+ FunctionAppId : functionApp . id
441484 FunctionAppName : FunctionAppName
442485 PrivateEndpointSubnetId : EnablePrivateNetworking == true ? privateNetwork .outputs .privateEndpointSubnetId : (null )
443486 VnetId : EnablePrivateNetworking == true ? privateNetwork .outputs .vnetId : (null )
@@ -476,8 +519,8 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = i
476519 ]
477520 primaryScriptUri : deploymentScriptUri
478521 arguments : EnablePrivateNetworking == true
479- ? '-PackageUri ${functionAppPackageUri } -SubscriptionId ${split (subscription ().id , '/' )[2 ]} -ResourceGroupName ${resourceGroup ().name } -FunctionAppName ${functionAppPe .outputs .functionAppName } -FAScope ${functionAppDeploy . outputs . functionAppId } -UAMIPrincipalId ${userAssignedMi .properties .principalId } -VnetScope ${privateNetwork .outputs .vnetId } -RestrictedIPs "None"'
480- : '-PackageUri ${functionAppPackageUri } -SubscriptionId ${split (subscription ().id , '/' )[2 ]} -ResourceGroupName ${resourceGroup ().name } -FunctionAppName ${functionAppDeploy . outputs . functionAppName } -FAScope ${functionAppDeploy . outputs . functionAppId } -UAMIPrincipalId ${userAssignedMi .properties .principalId }'
522+ ? '-PackageUri ${functionAppPackageUri } -SubscriptionId ${split (subscription ().id , '/' )[2 ]} -ResourceGroupName ${resourceGroup ().name } -FunctionAppName ${functionAppPe .outputs .functionAppName } -FAScope ${functionApp . id } -UAMIPrincipalId ${userAssignedMi .properties .principalId } -VnetScope ${privateNetwork .outputs .vnetId } -RestrictedIPs "None"'
523+ : '-PackageUri ${functionAppPackageUri } -SubscriptionId ${split (subscription ().id , '/' )[2 ]} -ResourceGroupName ${resourceGroup ().name } -FunctionAppName ${FunctionAppName } -FAScope ${functionApp . id } -UAMIPrincipalId ${userAssignedMi .properties .principalId }'
481524 }
482525 dependsOn : EnablePrivateNetworking != true || EnableElasticPremiumPlan == true ? [
483526 functionAppDeployFilesKv
0 commit comments