#73 Copy VNET integrations when cloning or creating Deployment Slots

scepman · Mar 15, 2024 · de51b27 · de51b27
1 parent 968e1a2
commit de51b27
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/SCEPman/Private/app-service.ps1 b/SCEPman/Private/app-service.ps1
@@ -162,6 +162,14 @@ function GetAppServiceVnetId ($AppServiceName, $ResourceGroup) {
   return $vnetId
 }
 
+function SetAppServiceVnetId ($AppServiceName, $ResourceGroup, $vnetId, $DeploymentSlotName) {
+  $command = @("webapp", "update", "--name", $AppServiceName, "-g", $ResourceGroup, "--set", "virtualNetworkSubnetId=$vnetId")
+  if ($null -ne $DeploymentSlotName) {
+    $command += @("--slot", $DeploymentSlotName)
+  }
+  $null = ExecuteAzCommandRobustly -callAzNatively -azCommand $command
+}
+
 function CreateSCEPmanDeploymentSlot ($SCEPmanResourceGroup, $SCEPmanAppServiceName, $DeploymentSlotName) {
   $existingHostnameConfiguration = ReadAppSetting -AppServiceName $SCEPmanAppServiceName -ResourceGroup $SCEPmanResourceGroup -SettingName "AppConfig:AuthConfig:ManagedIdentityEnabledForWebsiteHostname"
 

diff --git a/SCEPman/Public/New-SCEPmanClone.ps1 b/SCEPman/Public/New-SCEPmanClone.ps1
@@ -124,8 +124,11 @@ function New-SCEPmanClone
         Write-Information "Adding permissions for Graph and Intune"
         $resourcePermissionsForSCEPman = GetSCEPmanResourcePermissions
 
+        Write-Information "Adding VNET integration to Clone"
+        SetAppServiceVnetId -AppServiceName $TargetAppServiceName -ResourceGroup $TargetResourceGroup -VnetId $scepManVnetId
+
         $DelayForSecurityPrincipals = 3000
-        Write-Verbose "Waiting for some $DelayForSecurityPrincipals milliseconds until the Security Principals are available"
+        Write-Verbose "Waiting for $DelayForSecurityPrincipals milliseconds until the Security Principals are available"
         Start-Sleep -Milliseconds $DelayForSecurityPrincipals
         $null = SetManagedIdentityPermissions -principalId $serviceprincipalsc.principalId -resourcePermissions $resourcePermissionsForSCEPman -GraphBaseUri $GraphBaseUri
 

diff --git a/SCEPman/Public/New-SCEPmanDeploymentSlot.ps1 b/SCEPman/Public/New-SCEPmanDeploymentSlot.ps1
@@ -71,7 +71,7 @@ function New-SCEPmanDeploymentSlot
     Write-Information "Checking VNET integration of SCEPman"
     $scepManVnetId = GetAppServiceVnetId -AppServiceName $SCEPmanAppServiceName -ResourceGroup $SCEPmanResourceGroup
     if ($null -ne $scepManVnetId) {
-        Write-Warning "SCEPman App Service is connected to VNET $ScepManVnetId. Cloning VNET settings is not yet supported. Please configure the VNET integration manually."
+        Write-Information "SCEPman App Service is connected to VNET $ScepManVnetId. The Deployment Slot will inherit this configuration."
     }
 
     if ($PSCmdlet.ShouldProcess($DeploymentSlotName, "Creating SCEPman Deployment Slot")) {
@@ -82,6 +82,11 @@ function New-SCEPmanDeploymentSlot
         Write-Debug "Created SCEPman Deployment Slot has Managed Identity Principal $serviceprincipalsc"
     }
 
+    if ($PSCmdlet.ShouldProcess($scepManVnetId, "Adding VNET integration to new deployment slot")) {
+        Write-Information "Adding VNET integration to new Deployment Slot"
+        SetAppServiceVnetId -AppServiceName $SCEPmanAppServiceName -ResourceGroup $SCEPmanResourceGroup -VnetId $scepManVnetId -DeploymentSlotName $DeploymentSlotName
+    }
+
     if ($PSCmdlet.ShouldProcess($ScSDeploymentSlotNametorageAccount, "Adding storage account permissions to new deployment slot")) {
         Write-Information "Adding permissions to Storage Account"
         $existingTableStorageEndpointSetting = GetSCEPmanStorageAccountConfig -SCEPmanResourceGroup $SCEPmanResourceGroup -SCEPmanAppServiceName $SCEPmanAppServiceName -DeploymentSlotName $DeploymentSlotName