Skip to content

Commit

Permalink
storage account: allow shared key false, cognitive service account: d…
Browse files Browse the repository at this point in the history
…iable local auth true
  • Loading branch information
luxu-ms committed Mar 15, 2024
1 parent 6f7cf58 commit 9bb8886
Show file tree
Hide file tree
Showing 20 changed files with 22 additions and 10 deletions.
1 change: 1 addition & 0 deletions Environments/AKS/core/ai/cognitiveservices.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
properties: {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
disableLocalAuth: true
}
sku: sku
}
Expand Down
2 changes: 1 addition & 1 deletion Environments/AKS/core/storage/storage-account.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = true
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param containers array = []
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
Expand Down
1 change: 1 addition & 0 deletions Environments/APIM/core/storage/storage-account.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
properties: {
minimumTlsVersion: minimumTlsVersion
allowBlobPublicAccess: allowBlobPublicAccess
allowSharedKeyAccess: false
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Allow'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
properties: {
minimumTlsVersion: minimumTlsVersion
allowBlobPublicAccess: allowBlobPublicAccess
allowSharedKeyAccess: false
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Allow'
Expand Down
5 changes: 3 additions & 2 deletions Environments/FunctionApp/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
kind: 'StorageV2'
properties: {
supportsHttpsTrafficOnly: supportsHttpsTrafficOnly
allowSharedKeyAccess: false
}
tags: tags
}
Expand All @@ -89,8 +90,8 @@ resource functionApp 'Microsoft.Web/sites@2022-03-01' = {
linuxFxVersion: linexFxVersions[runtime]
appSettings: [
{
name: 'AzureWebJobsStorage'
value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value}'
name: 'AzureWebJobsStorage__accountName'
value: storageAccount.name
}
{
name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
Expand Down
1 change: 1 addition & 0 deletions Environments/OpenAISearch/core/ai/cognitiveservices.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
properties: {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
disableLocalAuth: true
}
sku: sku
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = false
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
@allowed([ 'AzureDnsZone', 'Standard' ])
Expand Down
1 change: 1 addition & 0 deletions Environments/OpenAISearch/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,7 @@ module storage 'core/storage/storage-account.bicep' = {
location: storageResourceGroupLocation
tags: tags
publicNetworkAccess: 'Enabled'
allowSharedKeyAccess: false
sku: {
name: 'Standard_ZRS'
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
properties: {
customSubDomainName: name
publicNetworkAccess: 'Enabled'
disableLocalAuth: true
}
sku: {
name: 'S0'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = false
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param defaultToOAuthAuthentication bool = false
@allowed([ 'AzureDnsZone', 'Standard' ])
param dnsEndpointType string = 'Standard'
Expand Down
1 change: 1 addition & 0 deletions Environments/StaticWeb/core/ai/cognitiveservices.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2022-10-01' = {
properties: {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
disableLocalAuth: true
}
sku: sku
}
Expand Down
2 changes: 1 addition & 1 deletion Environments/StaticWeb/core/storage/storage-account.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = true
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param containers array = []
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
networkAcls: networkAcls
disableLocalAuth: true
}
sku: sku
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = true
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param containers array = []
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
networkAcls: networkAcls
disableLocalAuth: true
}
sku: sku
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = true
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param containers array = []
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
networkAcls: networkAcls
disableLocalAuth: true
}
sku: sku
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = true
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param containers array = []
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
customSubDomainName: customSubDomainName
publicNetworkAccess: publicNetworkAccess
networkAcls: networkAcls
disableLocalAuth: true
}
sku: sku
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ param tags object = {}
param accessTier string = 'Hot'
param allowBlobPublicAccess bool = true
param allowCrossTenantReplication bool = true
param allowSharedKeyAccess bool = true
param allowSharedKeyAccess bool = false
param containers array = []
param defaultToOAuthAuthentication bool = false
param deleteRetentionPolicy object = {}
Expand Down

0 comments on commit 9bb8886

Please sign in to comment.