From 910c8a5b2cec14838688d8240e796362c7ec3811 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Mon, 29 Jul 2024 16:50:55 -0500 Subject: [PATCH] Fix logic for tcp deployment --- avm/res/app/container-app/README.md | 12 ++++++++++++ avm/res/app/container-app/main.bicep | 4 ++-- avm/res/app/container-app/main.json | 4 ++-- .../app/container-app/tests/e2e/vnet/main.test.bicep | 3 +++ 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/avm/res/app/container-app/README.md b/avm/res/app/container-app/README.md index 4ba0fe83d2..a878e887fd 100644 --- a/avm/res/app/container-app/README.md +++ b/avm/res/app/container-app/README.md @@ -406,6 +406,9 @@ module containerApp 'br/public:avm/res/app/container-app:' = { environmentId: '' name: 'acavnet001' // Non-required parameters + ingressAllowInsecure: false + ingressExternal: false + ingressTargetPort: 80 ingressTransport: 'tcp' location: '' } @@ -444,6 +447,15 @@ module containerApp 'br/public:avm/res/app/container-app:' = { "value": "acavnet001" }, // Non-required parameters + "ingressAllowInsecure": { + "value": false + }, + "ingressExternal": { + "value": false + }, + "ingressTargetPort": { + "value": 80 + }, "ingressTransport": { "value": "tcp" }, diff --git a/avm/res/app/container-app/main.bicep b/avm/res/app/container-app/main.bicep index e7d06e78b7..d27c90df82 100644 --- a/avm/res/app/container-app/main.bicep +++ b/avm/res/app/container-app/main.bicep @@ -195,7 +195,7 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = { activeRevisionsMode: activeRevisionsMode dapr: !empty(dapr) ? dapr : null ingress: disableIngress ? null : { - allowInsecure: ingressTransport != 'tcp' ? ingressAllowInsecure : null + allowInsecure: ingressTransport != 'tcp' ? ingressAllowInsecure : false customDomains: !empty(customDomains) ? customDomains : null corsPolicy: corsPolicy != null && ingressTransport != 'tcp' ? { allowCredentials: corsPolicy.?allowCredentials ?? false @@ -205,7 +205,7 @@ resource containerApp 'Microsoft.App/containerApps@2023-05-01' = { exposeHeaders: corsPolicy.?exposeHeaders ?? [] maxAge: corsPolicy.?maxAge } : null - clientCertificateMode: clientCertificateMode + clientCertificateMode: ingressTransport != 'tcp' ? clientCertificateMode : null exposedPort: exposedPort external: ingressExternal ipSecurityRestrictions: !empty(ipSecurityRestrictions) ? ipSecurityRestrictions : null diff --git a/avm/res/app/container-app/main.json b/avm/res/app/container-app/main.json index 5aff23f5e8..e306f42b8a 100644 --- a/avm/res/app/container-app/main.json +++ b/avm/res/app/container-app/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "10557254703672639424" + "templateHash": "17474670877794187384" }, "name": "Container Apps", "description": "This module deploys a Container App.", @@ -791,7 +791,7 @@ "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), null()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', parameters('clientCertificateMode'), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", "secrets": "[variables('secretList')]" diff --git a/avm/res/app/container-app/tests/e2e/vnet/main.test.bicep b/avm/res/app/container-app/tests/e2e/vnet/main.test.bicep index b9b997ce5a..7280bc634f 100644 --- a/avm/res/app/container-app/tests/e2e/vnet/main.test.bicep +++ b/avm/res/app/container-app/tests/e2e/vnet/main.test.bicep @@ -53,7 +53,10 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}${serviceShort}001' environmentId: nestedDependencies.outputs.managedEnvironmentResourceId location: resourceLocation + ingressExternal: false ingressTransport: 'tcp' + ingressAllowInsecure: false + ingressTargetPort: 80 containers: [ { name: 'simple-hello-world-container'