Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Disable administrative endpoints in Azure Functions and WebApp #27430

Open
1 task done
Patrik-Berglund opened this issue Sep 18, 2024 · 3 comments
Open
1 task done

Comments

@Patrik-Berglund
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Add support for Disable administrative endpoints in Azure Functions and WebApp via setting the App Service site setting: functionsRuntimeAdminIsolationEnabled = true

The documentation only mentions Azure Functions, but the option is available in the Azure Portal for Windows WebApps.

Determines whether the built-in administrator (/admin) endpoints in your function app can be accessed. When set to false (the default), the app allows requests to endpoints under /admin when those requests present a master key in the request. When true, /admin endpoints can't be accessed, even with a master key.

image

https://go.microsoft.com/fwlink/?linkid=2281478
https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings

New or Affected Resource(s)/Data Source(s)

azurerm_windows_web_app, azurerm_windows_function_app

Potential Terraform Configuration

resource "azurerm_windows_function_app" "example" {
  site_config {
    functions_runtime_admin_isolation_enabled = true
  }
}

References

No response

@ning-kang
Copy link
Contributor

This config is managed by a site property named functionsRuntimeAdminIsolationEnabled. However I could not find the property in Azure REST API doc https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update?view=rest-appservice-2023-12-01&tabs=HTTP#request-body or the sdk package https://github.com/hashicorp/go-azure-sdk/blob/main/resource-manager/web/2023-12-01/webapps/model_siteproperties.go.

@Patrik-Berglund
Copy link
Author

Can't find it either, strange that they release a feature in the Portal but doesn't make it available in the SDK:s / API.

@sherman89
Copy link

I don't use Terraform but found this thread via google. Could this be what you're looking for?

So FUNCTIONS_ADMIN_ISOLATION_ENABLED in siteConfig appSettings?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants