1

I am trying to add new ip addresses to the whitelist of Azure AppService. I am unable to use XML Transformation or simply replace tokens as the needed list of new entries will be obtained in the beginning of the release and not before. I am also unable to modify the content of the zipped site (published with /p:DeployOnBuild=True). The deployment is done using "Azure App Service Deploy" task. I know of Set-AzureRMWebApp cmdlet but it only allows to modify the appSettings and connectionStrings sections. It there any other solution?

Quass1m
  • 315
  • 2
  • 4
  • 11

1 Answers1

3

Using Set-AzureRMResource PowerShell command:

$r = Get-AzureRmResource -ResourceGroupName "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01

$p = $r.Properties
$p.ipSecurityRestrictions = @()
$restriction = @{}
$restriction.Add("ipAddress","0.0.0.0")
$restriction.Add("subnetMask","0.0.0.0")
$p.ipSecurityRestrictions+= $restriction

Set-AzureRmResource -ResourceGroupName  "Resoucegroup name" -ResourceType Microsoft.Web/sites/config -ResourceName resourcename/web -ApiVersion 2016-08-01 -PropertyObject $p

A Related thread: Azure Resource Manager IP Security Restrictions using Powershell

Another way is that you can publish project with FileSystem method:

Some Build Tasks:

  1. Visual Studio Build (MSBuild Arguments: /p:SkipInvalidConfigurations=true /p:DeployOnBuild=true /p:WebPublishMethod=FileSystem /p:publishUrl="$(build.artifactstagingdirectory)\\" /p:DeployDefaultTarget=WebPublish)
  2. Publish Build Artifacts (Path to Publish: $(build.artifactstagingdirectory))

Release Tasks:

  1. Replace token or Other tasks to update web.config (Could use File Transform & Variable Substitution in Azure App Service Deploy task)
  2. Azure App Service Deploy (1. Uncheck Publish using WebDeloy option 2. Package or folder: $(System.DefaultWorkingDirectory)
starian chen-MSFT
  • 33,174
  • 2
  • 29
  • 53
  • This approach has a drawback where it only works for post-deployment scenario. – juvchan Sep 22 '17 at 09:02
  • @juvchan What do you mean post-deployment scenario? What's the detail scenario? – starian chen-MSFT Sep 22 '17 at 09:42
  • In my case I am trying to add new entries to the web.config file. I can see this approach working but on the resource level which is not something I can go with. – Quass1m Sep 22 '17 at 15:17
  • 1
    @Quass1m You could publish web project with FileSystem method (Check the update of my answer) – starian chen-MSFT Sep 25 '17 at 01:56
  • I currently use "Azure App Service Deploy" task in VSTS. I don't think you can you it to deploy from something different than a package. Do you know of a workaround for this? Of course, zipping the application is a potential solution but I would like to avoid it if possible. – Quass1m Sep 25 '17 at 13:29
  • 1
    @Quass1m You can deploy the published files in a folder through Azure App Service Deploy task, just uncheck Publish Using WebDeploy option. You can try it and check the result. – starian chen-MSFT Sep 26 '17 at 01:29
  • @starain-MSFT Unchecking this option did in fact work but now I am unable to replace values in my web.config with the parameters.xml file (and SetParameters.xml is not being created in "File System" publish method). For a different reason I am unable to move all tokenized parameters to web.*.config and use transformations (workflow requirements). The "XML transformation" and "XML variable substitution" options don't help me. Thank you for your advice anyway since it may help others. – Quass1m Sep 27 '17 at 14:06
  • @Quass1m Could you set the IP value in parameters.xml and SetParameters.xml files? – starian chen-MSFT Sep 28 '17 at 01:47
  • It's not possible in my workflow. I only know the full list of IP's to add in deploy time, not during build. The addresses point at build agents, test agents, load test agents etc. I am unable to use subnet mask or a range of public IP's since they are provided randomly. I found no way to add new ipSecurity entries by modifying the SetParametrs.xml file alone. The key point is also not to modify the zipped WebDeploy package file. – Quass1m Sep 28 '17 at 07:49
  • 1
    @Quass1m You can insert the element, check this blog: [Web Deploy XML File Parameterization](https://blogs.iis.net/elliotth/web-deploy-xml-file-parameterization), then change the value in SetParameters.xml file in release. – starian chen-MSFT Sep 28 '17 at 08:05
  • I have read this article before but did not notice that you can use msdeploy this way. With this I believe I can solve my issues. Thank you for all the help! – Quass1m Sep 28 '17 at 09:53