- web app settings (ftps/php)

-Policies
2026-02-27 18:52:18 +01:00 · 2022-08-11 11:14:28 +02:00
parent 7238a5c4f3
commit f5f8333dce
13 changed files with 93861 additions and 549 deletions
--- a/Powershell/Tools/ApplyTags.ps1
+++ b/Powershell/Tools/ApplyTags.ps1
@@ -7,24 +7,22 @@ function ApplyTeamTag (
    [string] $subscriptionId,
    [string] $tagValue) {

-    if ($global:currentSubs -ne $subscriptionId) {
+    if ($global:currentSubs -ne $subscriptionId) 
+    {
        Set-AzContext -SubscriptionId $subscriptionId
        $global:currentSubs = $subscriptionId
    }
-    try {
-    
-    $tags = (Get-AzResource -ResourceId $resourceId).Tags
-    $tags.team = $tagValue
-    Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge
-
+    try 
+    {
+        $tags = (Get-AzResource -ResourceId $resourceId).Tags
+        $tags.team = $tagValue
+        Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge
    }
    catch {
         Write-Warning "Could not update $resourceId"
    }
 }

-ApplyTeamTag -resourceId '/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7/resourceGroups/RespondentIntegrationEventSync/providers/Microsoft.KeyVault/vaults/RespondentEventSync' -subscriptionId 'a134faf1-7a89-4f2c-8389-06d00bd5e2a7' -tagValue 'orange'
-
 function ApplyProductTag (
    [string] $resourceId, 
    [string] $subscriptionId,
--- a/Powershell/Tools/Azure
+++ b/Powershell/Tools/Azure
@@ -0,0 +1,3 @@
+#Get-AzRoleDefinition 'Storage Data Contributor' | ConvertTo-Json 
+
+Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Cloud Engineering\Custom roles\Storage Data Contributor.json'
--- a/Powershell/Tools/WebApp
+++ b/Powershell/Tools/WebApp
@@ -0,0 +1,82 @@
+#Connect-AzAccount
+
+class ResourceCheck {
+    [string] $ResourceId = ""
+    [string] $Kind = ""
+    [string] $Location = ""
+    [string] $ResourceName = ""
+    [string] $ResourceGroup = ""
+    [string] $ResourceType = ""
+    [string] $State = ""
+    [string] $SubscriptionId = ""
+    [string] $SubscriptionName = ""
+    [string] $Tag_Team = ""
+    [string] $Tag_Product = ""
+    [string] $Tag_Environment = ""
+    [string] $Tag_Data = ""
+    [string] $Tag_CreatedOnDate = ""
+    [string] $Prop_HttpsOnly = ""
+    [string] $Prop_PhpVersion = ""
+    [string] $Prop_NetFrameworkVersion = ""
+    [string] $Prop_WindowsFxVersion = ""
+    [string] $Prop_RemoteDebuggingEnabled = ""
+    [string] $Prop_MinTlsVersion = ""
+    [string] $Prop_FtpsState = ""
+}
+
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Creating webapp resource overview."
+Write-Host "======================================================================================================================================================================"
+
+$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
+
+foreach ($subscription in $subscriptions) 
+{
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    Set-AzContext -SubscriptionId $subscription.Id
+
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    $allResourceGroups = Get-AzResourceGroup
+
+    foreach ($group in $allResourceGroups) {
+
+        Write-Host "Resource group $($group.ResourceGroupName)"
+
+        $allWebApps = Get-AzWebApp -ResourceGroupName $group.ResourceGroupName
+        
+        foreach ($webApp in $allWebApps) {
+
+            if (($webApp.SiteConfig.FtpsState -ne "Disabled") -and ($webApp.SiteConfig.FtpsState -ne "FtpsOnly")) {
+                Write-Host "Disable FTP $($webApp.Name)"
+                $x = Set-AzWebApp -Name $webApp.Name -ResourceGroupName $group.ResourceGroupName -FtpsState Disabled
+            }
+            if (($webApp.SiteConfig.PhpVersion -ne "off") -and ($webApp.SiteConfig.PhpVersion -ne "")) {
+                Write-Host "Disable PHP $($webApp.Name)"
+                $x = Set-AzWebApp -Name $webApp.Name -ResourceGroupName $group.ResourceGroupName -PhpVersion "off"
+            }
+
+            $allSlots = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup
+
+            foreach ($slotTemp in $allSlots) {
+
+                [string] $slotName = $slotTemp.Name.Split("/")[1]
+                $slot = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup -Slot $slotName
+
+                if (($slot.SiteConfig.FtpsState -ne "Disabled") -and ($webApp.SiteConfig.FtpsState -ne "FtpsOnly")) {
+                    Write-Host "Disable FTP $($webApp.Name) - $($slotName)"
+                    $y = Set-AzWebAppSlot -Name $webApp.Name -Slot $slotName -ResourceGroupName $group.ResourceGroupName -FtpsState Disabled
+                }
+                if (($slot.SiteConfig.PhpVersion -ne "") -and ($slot.SiteConfig.PhpVersion -ne "off")) {
+                    Write-Host "Disable PHP $($webApp.Name) - $($slotName)"
+                    $y = Set-AzWebAppSlot -Name $webApp.Name -Slot $slotName -ResourceGroupName $group.ResourceGroupName -PhpVersion "off"
+                }
+            }
+        }
+    }
+}
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."