From b248c4818e8da00ee0595da8b1d54607bf63a66f Mon Sep 17 00:00:00 2001 From: Priyank Saxena Date: Wed, 28 Oct 2020 09:22:37 +0000 Subject: [PATCH] Merged PR 1557: [CCv3]Set Blob access as private This PR is to set blob access level. Changes include :- - fix arm template to set allowBlobPublicAccess correctly - upload blob with private access - updating arm template root schema to latest Verification done :- - ARM Template tested ( only storage account verified ). - Function tested with allowBlobPublicAccess as enabled and disabled. - Migration from v2 to v3. - Full ARM Template deployment --- Deployment/azuredeploy.json | 4 ++-- .../Export/Activities/UploadActivity.cs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Deployment/azuredeploy.json b/Deployment/azuredeploy.json index b57657ec3..94a7236af 100644 --- a/Deployment/azuredeploy.json +++ b/Deployment/azuredeploy.json @@ -1,5 +1,5 @@ { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "baseResourceName": { @@ -191,7 +191,7 @@ { "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", - "apiVersion": "2018-02-01", + "apiVersion": "2019-06-01", "location": "[parameters('location')]", "kind": "Storage", "properties": { diff --git a/Source/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func/Export/Activities/UploadActivity.cs b/Source/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func/Export/Activities/UploadActivity.cs index b4c53d91d..388faddd8 100644 --- a/Source/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func/Export/Activities/UploadActivity.cs +++ b/Source/Microsoft.Teams.Apps.CompanyCommunicator.Prep.Func/Export/Activities/UploadActivity.cs @@ -89,10 +89,10 @@ public async Task UploadActivityAsync( CloudBlobContainer container = client.GetContainerReference(Common.Constants.BlobContainerName); await container.CreateIfNotExistsAsync(); - // Set the permissions so the blobs are public. + // Set the permissions so the blobs are private. BlobContainerPermissions permissions = new BlobContainerPermissions { - PublicAccess = BlobContainerPublicAccessType.Blob, + PublicAccess = BlobContainerPublicAccessType.Off, }; await container.SetPermissionsAsync(permissions); CloudBlockBlob blob = container.GetBlockBlobReference(uploadData.fileName);