Fix logic for tcp deployment

oZakari · Jul 29, 2024 · 910c8a5 · 910c8a5
1 parent 1184d63
commit 910c8a5
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 4 deletions.
diff --git a/avm/res/app/container-app/README.md b/avm/res/app/container-app/README.md
@@ -406,6 +406,9 @@ module containerApp 'br/public:avm/res/app/container-app:<version>' = {
     environmentId: '<environmentId>'
     name: 'acavnet001'
     // Non-required parameters
+    ingressAllowInsecure: false
+    ingressExternal: false
+    ingressTargetPort: 80
     ingressTransport: 'tcp'
     location: '<location>'
   }
@@ -444,6 +447,15 @@ module containerApp 'br/public:avm/res/app/container-app:<version>' = {
       "value": "acavnet001"
     },
     // Non-required parameters
+    "ingressAllowInsecure": {
+      "value": false
+    },
+    "ingressExternal": {
+      "value": false
+    },
+    "ingressTargetPort": {
+      "value": 80
+    },
     "ingressTransport": {
       "value": "tcp"
     },

diff --git a/avm/res/app/container-app/main.bicep b/avm/res/app/container-app/main.bicep
@@ -195,7 +195,7 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = {
       activeRevisionsMode: activeRevisionsMode
       dapr: !empty(dapr) ? dapr : null
       ingress: disableIngress ? null : {
-        allowInsecure: ingressTransport != 'tcp' ? ingressAllowInsecure : null
+        allowInsecure: ingressTransport != 'tcp' ? ingressAllowInsecure : false
         customDomains: !empty(customDomains) ? customDomains : null
         corsPolicy: corsPolicy != null && ingressTransport != 'tcp' ? {
           allowCredentials: corsPolicy.?allowCredentials ?? false
@@ -205,7 +205,7 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = {
           exposeHeaders: corsPolicy.?exposeHeaders ?? []
           maxAge: corsPolicy.?maxAge
         } : null
-        clientCertificateMode: clientCertificateMode
+        clientCertificateMode: ingressTransport != 'tcp' ? clientCertificateMode : null
         exposedPort: exposedPort
         external: ingressExternal
         ipSecurityRestrictions: !empty(ipSecurityRestrictions) ? ipSecurityRestrictions : null

diff --git a/avm/res/app/container-app/main.json b/avm/res/app/container-app/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.29.47.4906",
-      "templateHash": "10557254703672639424"
+      "templateHash": "17474670877794187384"
     },
     "name": "Container Apps",
     "description": "This module deploys a Container App.",
@@ -791,7 +791,7 @@
         "configuration": {
           "activeRevisionsMode": "[parameters('activeRevisionsMode')]",
           "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]",
-          "ingress": "[if(parameters('disableIngress'), null(), createObject('allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), null()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', parameters('clientCertificateMode'), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]",
+          "ingress": "[if(parameters('disableIngress'), null(), createObject('allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]",
           "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]",
           "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]",
           "secrets": "[variables('secretList')]"

diff --git a/avm/res/app/container-app/tests/e2e/vnet/main.test.bicep b/avm/res/app/container-app/tests/e2e/vnet/main.test.bicep
@@ -53,7 +53,10 @@ module testDeployment '../../../main.bicep' = [
       name: '${namePrefix}${serviceShort}001'
       environmentId: nestedDependencies.outputs.managedEnvironmentResourceId
       location: resourceLocation
+      ingressExternal: false
       ingressTransport: 'tcp'
+      ingressAllowInsecure: false
+      ingressTargetPort: 80
       containers: [
         {
           name: 'simple-hello-world-container'