[u] update storage acct creation to include storageInfrastructureEncryption property

Jan Mallo · Jan Mallo · commit 48256a07e82b · 2024-11-18T12:37:56.000+08:00
diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep
@@ -25,12 +25,19 @@ param publicNetworkAccess string = 'Enabled'
 param sku object = { name: 'Standard_LRS' }
 @allowed([ 'None', 'AzureServices' ])
 param bypass string = 'AzureServices'
+param storageInfrastructureEncryption string = 'Disabled'
 
 var networkAcls = (publicNetworkAccess == 'Enabled') ? {
   bypass: bypass
   defaultAction: 'Allow'
 } : { defaultAction: 'Deny' }
 
+var encryption = (storageInfrastructureEncryption == 'Enabled') ? {
+  requireInfrastructureEncryption: true
+} : {
+  requireInfrastructureEncryption: false
+}
+
 resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   name: name
   location: location
@@ -49,6 +56,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
     networkAcls: networkAcls
     publicNetworkAccess: publicNetworkAccess
     supportsHttpsTrafficOnly: supportsHttpsTrafficOnly
+    encryption: encryption
   }
 
   resource blobServices 'blobServices' = if (!empty(containers)) {
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -36,6 +36,7 @@ param storageResourceGroupName string = '' // Set in main.parameters.json
 param storageResourceGroupLocation string = location
 param storageContainerName string = 'content'
 param storageSkuName string // Set in main.parameters.json
+param storageInfrastructureEncryption string // Set in main.parameters.json
 
 param userStorageAccountName string = ''
 param userStorageContainerName string = 'user-content'
@@ -662,6 +663,7 @@ module storage 'core/storage/storage-account.bicep' = {
         publicAccess: 'None'
       }
     ]
+    storageInfrastructureEncryption: storageInfrastructureEncryption
   }
 }
 
@@ -688,6 +690,7 @@ module userStorage 'core/storage/storage-account.bicep' = if (useUserUpload) {
         publicAccess: 'None'
       }
     ]
+    storageInfrastructureEncryption: storageInfrastructureEncryption
   }
 }
 
diff --git a/infra/main.parameters.json b/infra/main.parameters.json
@@ -80,6 +80,9 @@
     "storageSkuName": {
       "value": "${AZURE_STORAGE_SKU=Standard_LRS}"
     },
+    "storageInfrastructureEncryption": {
+      "value": "${AZURE_STORAGE_INFRA_ENCRYPTION}"
+    },
     "appServicePlanName": {
       "value": "${AZURE_APP_SERVICE_PLAN}"
     },

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ param storageResourceGroupName string = '' // Set in main.parameters.json`
`36`	`36`	`param storageResourceGroupLocation string = location`
`37`	`37`	`param storageContainerName string = 'content'`
`38`	`38`	`param storageSkuName string // Set in main.parameters.json`
	`39`	`+param storageInfrastructureEncryption string // Set in main.parameters.json`
`39`	`40`
`40`	`41`	`param userStorageAccountName string = ''`
`41`	`42`	`param userStorageContainerName string = 'user-content'`
`@@ -662,6 +663,7 @@ module storage 'core/storage/storage-account.bicep' = {`
`662`	`663`	`publicAccess: 'None'`
`663`	`664`	`}`
`664`	`665`	`]`
	`666`	`+ storageInfrastructureEncryption: storageInfrastructureEncryption`
`665`	`667`	`}`
`666`	`668`	`}`
`667`	`669`
`@@ -688,6 +690,7 @@ module userStorage 'core/storage/storage-account.bicep' = if (useUserUpload) {`
`688`	`690`	`publicAccess: 'None'`
`689`	`691`	`}`
`690`	`692`	`]`
	`693`	`+ storageInfrastructureEncryption: storageInfrastructureEncryption`
`691`	`694`	`}`
`692`	`695`	`}`
`693`	`696`