
[Modules] Add all objects under Web/Sites/config #3556

Open
wants to merge 11 commits into
base: main

HenrikVestli

Description

Instead of creating one folder with sub-items per sites/config property, I suggest using an array to pass the objects to sites/config with a foreach loop. Sites/config currently has the following properties that are not supported by this repo:

  • authsettings
  • azurestorageaccounts
  • backup
  • connectionstrings
  • logs
  • metadata
  • pushsettings
  • slotConfigNames
  • web

With this approach you can pass the config as an array with the properties under sites/config that you need.

config: [
  {
    name: 'web'
    value: {
      ipSecurityRestrictions: [
        {
          vnetSubnetResourceId: nestedDependencies.outputs.subnetResourceId
          action: 'Allow'
          tag: 'Default'
          priority: 200
          name: 'Allow from VNET'
          description: 'Allow from vnet'
        }
        {
          ipAddress: 'Any'
          action: 'Deny'
          priority: 2147483647
          name: 'Deny all'
          description: 'Deny all access'
        }
      ]
      ipSecurityRestrictionsDefaultAction: 'Deny'
    }
  }
  {
    name: 'authsettingsV2'
    value: {
      globalValidation: {
        requireAuthentication: true
        unauthenticatedClientAction: 'Return401'
      }
      httpSettings: {
        forwardProxy: {
          convention: 'NoProxy'
        }
        requireHttps: true
        routes: {
          apiPrefix: '/.auth'
        }
      }
      identityProviders: {
        azureActiveDirectory: {
          enabled: true
          login: {
            disableWWWAuthenticate: false
          }
          registration: {
            clientId: 'd874dd2f-2032-4db1-a053-f0ec243685aa'
            clientSecretSettingName: 'EASYAUTH_SECRET'
            openIdIssuer: 'https://sts.windows.net/${tenant().tenantId}/v2.0/'
          }
          validation: {
            allowedAudiences: [
              'api://d874dd2f-2032-4db1-a053-f0ec243685aa'
            ]
            defaultAuthorizationPolicy: {
              allowedPrincipals: {}
            }
            jwtClaimChecks: {}
          }
        }
      }
      login: {
        allowedExternalRedirectUrls: [
          'string'
        ]
        cookieExpiration: {
          convention: 'FixedTime'
          timeToExpiration: '08:00:00'
        }
        nonce: {
          nonceExpirationInterval: '00:05:00'
          validateNonce: true
        }
        preserveUrlFragmentsForLogins: false
        routes: {}
        tokenStore: {
          azureBlobStorage: {}
          enabled: true
          fileSystem: {}
          tokenRefreshExtensionHours: 72
        }
      }
      platform: {
        enabled: true
        runtimeVersion: '~1'
      }
    }
  }
]

More info on the different properties can be found here: Microsoft.Web/sites/config 'web' - Bicep, ARM template & Terraform AzAPI reference | Microsoft Learn

Changes done
• Renamed config--authsettingsv2 (folder) to config (under root and slots)
• Changed config/main.bicep to handle input on name and properties.
• Changed main.bicep to a for-each loop with config as an array.
• Changed main.test.bicep to use new settings.

Pipeline references

Pipeline
Web - Sites

Type of Change

Please delete options that are not relevant.

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Update to documentation

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • My corresponding pipelines / checks run clean and green without any errors or warnings
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (readme)
  • I did format my code
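
The array shape proposed in this pull request, used in an added example that is not part of the original description or of the project's code: a pre-deployment lint over the `config` array, since a generic pass-through no longer checks each object's content. The policy table and the sample input are constructed, and config names are assumed to compare case-insensitively.

```python
# Added example: lint a sites/config array (list of {name, value}) before deploying it.
# Assumptions: names are compared case-insensitively; REQUIRED is a constructed policy.
KNOWN_NAMES = {n.lower() for n in (
    "authsettings", "authsettingsV2", "azurestorageaccounts", "backup",
    "connectionstrings", "logs", "metadata", "pushsettings",
    "slotConfigNames", "web")}

# (config name, path into its value, required setting), mirroring the sample above
REQUIRED = [
    ("web", ("ipSecurityRestrictionsDefaultAction",), "Deny"),
    ("authsettingsv2", ("globalValidation", "requireAuthentication"), True),
    ("authsettingsv2", ("httpSettings", "requireHttps"), True),
]

def dig(obj, path):
    """Walk nested dicts; return None when a key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def lint_config(config):
    """Return a list of findings for a sites/config array."""
    findings, first_seen = [], {}
    for index, item in enumerate(config):
        name = str(item.get("name", "")).lower()
        if name not in KNOWN_NAMES:
            findings.append(f"[{index}] unknown config name {item.get('name')!r}")
        if name in first_seen:
            findings.append(f"[{index}] {item.get('name')!r} repeats entry {first_seen[name]}")
        first_seen.setdefault(name, index)
    for name, path, want in REQUIRED:
        if name not in first_seen:
            continue  # this object is not managed by the array
        got = dig(config[first_seen[name]].get("value"), path)
        if got != want:
            findings.append(f"{name}.{'.'.join(path)} is {got!r}, expected {want!r}")
    return findings

# Constructed sample: a trimmed array with a permissive default and a repeated name.
SAMPLE = [
    {"name": "web", "value": {"ipSecurityRestrictionsDefaultAction": "Allow"}},
    {"name": "authsettingsV2", "value": {
        "globalValidation": {"requireAuthentication": True},
        "httpSettings": {"requireHttps": True}}},
    {"name": "authsettingsv2", "value": {}},
]

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```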

@HenrikVestli HenrikVestli requested a review from a team as a code owner August 9, 2023 16:15
@HenrikVestli
Author

HenrikVestli commented Aug 9, 2023 via email

@AlexanderSehr
Contributor

AlexanderSehr commented Aug 9, 2023

Hey @HenrikVestli,
it has been a long time since this was implemented and I try to wrap my head around it (& maybe @dr-dolittle has some input too).
I believe the original reason this was split was to be able to implement some logic as is the case in the AppSettings child module and its appInsightsValues variable.
In contrast, the V2 child is very generic and nobody ever contributed the other types of configs you listed above.
I guess, as long as there is no need to implement any of the other config types explicitly (because they'd also auto-create some app settings) nothing speaks against replacing authsettingsv2 in favor of plain config.

I'm unfortunately not an AppService expert, so I may not be the best person to advise here - just raising what I recall.

cc: @eriqua, any thoughts?

@AlexanderSehr AlexanderSehr added enhancement New feature or request [cat] modules category: modules labels Aug 10, 2023
@HenrikVestli
Author

@AlexanderSehr or @eriqua : Any thoughts or updates on this one?

Labels
[cat] modules category: modules enhancement New feature or request

2 participants