PramodValavala-MSFT
commented
1 year ago @anwarnk Thanks for the feedback! We will review and get back to you on this.
Closed anwarnk closed 1 year ago
PramodValavala-MSFT
commented
1 year ago @anwarnk Thanks for the feedback! We will review and get back to you on this.
navba-MSFT
commented
1 year ago @anwarnk Thanks for reaching out to us and reporting this issue. I tried to invoke the same above REST API with the below request Body and it worked fine.
{"properties": {"SqlServer1": {"value":
"Server=tcp:sqldemo.database.windows.net,1433;Initial Catalog=sqldemo;Persist Security Info=False;User
ID=sqldba;Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection
Timeout=30;", "type": "SQLServer"}}}Could you please try with the above body and check if that helps ? Awaiting your reply.
anwarnk
commented
1 year ago Hi, I have just tried the above. I get the same error:
Did you try it with the policy enabled? We can get it to work if we disable the policy for "AppService append enable https only setting to enforce https setting." Policy details:
{ "properties": { "displayName": "AppService append enable https only setting to enforce https setting.", "policyType": "Custom", "mode": "All", "description": "Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.", "metadata": { "alzCloudEnvironments": [ "AzureCloud", "AzureChinaCloud", "AzureUSGovernment" ], "category": "App Service", "source": "https://github.com/Azure/Enterprise-Scale/", "version": "1.0.0", "createdBy": "5ca1460f-4d12-4947-b85c-d0b56be5e9fd", "createdOn": "2023-01-12T11:09:40.1243032Z", "updatedBy": null, "updatedOn": null }, "parameters": { "effect": { "type": "String", "metadata": { "description": "Enable or disable the execution of the policy", "displayName": "Effect" }, "allowedValues": [ "Append", "Disabled" ], "defaultValue": "Append" } }, "policyRule": { "if": { "allOf": [ { "equals": "Microsoft.Web/sites", "field": "type" }, { "field": "Microsoft.Web/sites/httpsOnly", "notequals": true } ] }, "then": { "details": [ { "field": "Microsoft.Web/sites/httpsOnly", "value": true } ], "effect": "[parameters('effect')]" } }
navba-MSFT
commented
1 year ago @anwarnk Thanks for getting back. I have created an Azure Policy using the above Policy Definition and also assigned it. After a few hours I tested with above request Body and it worked again.
anwarnk
commented
1 year ago Apologies, the policy is not "AppService append enable https only setting to enforce https setting"
It is: "AppService append sites with minimum TLS version to enforce" https://www.azadvertizer.net/azpolicyadvertizer/Append-AppService-latestTLS.html.
It looks like the enterprise scale has labelled them incorrectly.
navba-MSFT
commented
1 year ago @anwarnk Thanks for providing the right policy. I will check this further and get back to you.
navba-MSFT
commented
1 year ago @anwarnk Apologies for the late reply. Since the policy is to enforce the AppService append sites with minimum TLS version with default (1.2), You can try to update the policy rule as below:
"policyRule": {
"if": {
"allOf": [
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"exists": "true"
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"notEquals": "[parameters('minTlsVersion')]"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": [
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
"value": "[parameters('minTlsVersion')]"
}
]
}
}With this policy in place I was able to invoke the above REST API.
anwarnk
commented
1 year ago Many thanks, that has fixed our issue. :-)
navba-MSFT
commented
1 year ago @anwarnk Thanks for getting back. We will now proceed with closure of this GitHub issue. If you need any further assistance on this issue in future, please feel free to reopen this thread. We would be happy to help.
Hi, We are having issues with updating our connection strings using within a Windows Web App Service: App Service API Version: 2022-03-01
"https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/update-connection-strings#connstringvaluetypepair"
The relevant details are filled in and the body is specified with:
{ "properties": { "DefaultConnection": { "value": "my_connection_string", "type": "SQLServer" } } }
However, the response code is 400.
In the JSON body, the error is displayed as:
{ "Code": "BadRequest", "Message": "The parameter properties has an invalid value.", "Target": null, "Details": [ { "Message": "The parameter properties has an invalid value." }, { "Code": "BadRequest" }, { "ErrorEntity": { "ExtendedCode": "51008", "MessageTemplate": "The parameter {0} has an invalid value.", "Parameters": [ "properties" ], "Code": "BadRequest", "Message": "The parameter properties has an invalid value." } } ], "Innererror": null }
We have the Azure Landing Zone policy enabled "AppService append enable https only setting to enforce https setting" see https://www.azadvertizer.net/azpolicyadvertizer/Append-AppService-httpsonly.html
This policy is preventing the connection string from creating connection string via API, I can add the connection manually via portal without any issues.
Please could you advise, why the API is rejecting this with BadRequest even though the https only is set to true?
Thanks