From 025b862962f5b1d49519aaf34f85f1f0a087b052 Mon Sep 17 00:00:00 2001
From: Kris Baranek <k.baranek@microsoft.com>
Date: Wed, 17 Apr 2024 09:20:59 +0200
Subject: [PATCH] fix: WAF reliability and static validation in
 `avm/res/web/site`  (#1427)

## Description

- added PSRule exceptions for `defaults` tests
- removed optional parameters from `defaults` tests
- re-generated readme due to static validation errors

fixes #1378
fixes #1510
fixes #1592

<!--
>Thank you for your contribution !
> Please include a summary of the change and which issue is fixed.
> Please also include the context.
> List any dependencies that are required for this change.

Fixes #123
Fixes #456
Closes #123
Closes #456
-->

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.web.site](https://github.com/krbar/bicep-registry-modules/actions/workflows/avm.res.web.site.yml/badge.svg?branch=users%2Fkrbar%2FwebSiteFix)](https://github.com/krbar/bicep-registry-modules/actions/workflows/avm.res.web.site.yml)
|

## Type of Change

<!-- Use the check-boxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utlities (Non-module effecting
changes)
- [x] Azure Verified Module updates:
- [x] Bugfix containing backwards compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [x] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to day with the contribution guide at
https://aka.ms/avm/contribute/bicep -->
---
 avm/res/web/site/README.md                    | 24 +++++--------------
 avm/res/web/site/main.bicep                   |  4 +++-
 avm/res/web/site/main.json                    | 12 ++++++----
 avm/res/web/site/slot/README.md               |  6 +++++
 avm/res/web/site/slot/main.bicep              |  4 +++-
 avm/res/web/site/slot/main.json               |  6 +++--
 .../e2e/functionApp.defaults/main.test.bicep  |  3 ---
 .../tests/e2e/webApp.defaults/main.test.bicep |  4 ----
 .../psrule/.ps-rule/min-suppress.Rule.yaml    |  3 +++
 9 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/avm/res/web/site/README.md b/avm/res/web/site/README.md
index a1d528472c..fd8403c4f3 100644
--- a/avm/res/web/site/README.md
+++ b/avm/res/web/site/README.md
@@ -65,9 +65,6 @@ module site 'br/public:avm/res/web/site:<version>' = {
     serverFarmResourceId: '<serverFarmResourceId>'
     // Non-required parameters
     location: '<location>'
-    siteConfig: {
-      alwaysOn: true
-    }
   }
 }
 ```
@@ -97,11 +94,6 @@ module site 'br/public:avm/res/web/site:<version>' = {
     // Non-required parameters
     "location": {
       "value": "<location>"
-    },
-    "siteConfig": {
-      "value": {
-        "alwaysOn": true
-      }
     }
   }
 }
@@ -659,10 +651,6 @@ module site 'br/public:avm/res/web/site:<version>' = {
     serverFarmResourceId: '<serverFarmResourceId>'
     // Non-required parameters
     location: '<location>'
-    siteConfig: {
-      alwaysOn: true
-      healthCheckPath: '/healthz'
-    }
   }
 }
 ```
@@ -692,12 +680,6 @@ module site 'br/public:avm/res/web/site:<version>' = {
     // Non-required parameters
     "location": {
       "value": "<location>"
-    },
-    "siteConfig": {
-      "value": {
-        "alwaysOn": true,
-        "healthCheckPath": "/healthz"
-      }
     }
   }
 }
@@ -2576,6 +2558,12 @@ The site config object.
 
 - Required: No
 - Type: object
+- Default:
+  ```Bicep
+  {
+      alwaysOn: true
+  }
+  ```
 
 ### Parameter: `slots`
 
diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep
index c0571f9765..19fa05ed2d 100644
--- a/avm/res/web/site/main.bicep
+++ b/avm/res/web/site/main.bicep
@@ -56,7 +56,9 @@ param vnetRouteAllEnabled bool = false
 param scmSiteAlsoStopped bool = false
 
 @description('Optional. The site config object.')
-param siteConfig object?
+param siteConfig object = {
+  alwaysOn: true
+}
 
 @description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
 param storageAccountResourceId string?
diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json
index c536503a67..3b31a486aa 100644
--- a/avm/res/web/site/main.json
+++ b/avm/res/web/site/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.26.54.24096",
-      "templateHash": "6312828584864471342"
+      "templateHash": "14301920664802681394"
     },
     "name": "Web/Function Apps",
     "description": "This module deploys a Web or Function App.",
@@ -543,7 +543,9 @@
     },
     "siteConfig": {
       "type": "object",
-      "nullable": true,
+      "defaultValue": {
+        "alwaysOn": true
+      },
       "metadata": {
         "description": "Optional. The site config object."
       }
@@ -1299,7 +1301,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.26.54.24096",
-              "templateHash": "12157473410186645235"
+              "templateHash": "7436278786647572492"
             },
             "name": "Web/Function App Deployment Slots",
             "description": "This module deploys a Web or Function App Deployment Slot.",
@@ -1815,7 +1817,9 @@
             },
             "siteConfig": {
               "type": "object",
-              "nullable": true,
+              "defaultValue": {
+                "alwaysOn": true
+              },
               "metadata": {
                 "description": "Optional. The site config object."
               }
diff --git a/avm/res/web/site/slot/README.md b/avm/res/web/site/slot/README.md
index 0ee42e70e8..d6bd88486f 100644
--- a/avm/res/web/site/slot/README.md
+++ b/avm/res/web/site/slot/README.md
@@ -949,6 +949,12 @@ The site config object.
 
 - Required: No
 - Type: object
+- Default:
+  ```Bicep
+  {
+      alwaysOn: true
+  }
+  ```
 
 ### Parameter: `storageAccountRequired`
 
diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep
index 209954c101..f5aa6cf5f1 100644
--- a/avm/res/web/site/slot/main.bicep
+++ b/avm/res/web/site/slot/main.bicep
@@ -47,7 +47,9 @@ param storageAccountRequired bool = false
 param virtualNetworkSubnetId string?
 
 @description('Optional. The site config object.')
-param siteConfig object?
+param siteConfig object = {
+  alwaysOn: true
+}
 
 @description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
 param storageAccountResourceId string?
diff --git a/avm/res/web/site/slot/main.json b/avm/res/web/site/slot/main.json
index 959db7cbac..ca03c4ee64 100644
--- a/avm/res/web/site/slot/main.json
+++ b/avm/res/web/site/slot/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.26.54.24096",
-      "templateHash": "12157473410186645235"
+      "templateHash": "7436278786647572492"
     },
     "name": "Web/Function App Deployment Slots",
     "description": "This module deploys a Web or Function App Deployment Slot.",
@@ -522,7 +522,9 @@
     },
     "siteConfig": {
       "type": "object",
-      "nullable": true,
+      "defaultValue": {
+        "alwaysOn": true
+      },
       "metadata": {
         "description": "Optional. The site config object."
       }
diff --git a/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep b/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep
index 49f241e3f0..9925860e2e 100644
--- a/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep
+++ b/avm/res/web/site/tests/e2e/functionApp.defaults/main.test.bicep
@@ -54,9 +54,6 @@ module testDeployment '../../../main.bicep' = [
       location: resourceLocation
       kind: 'functionapp'
       serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
-      siteConfig: {
-        alwaysOn: true
-      }
     }
     dependsOn: [
       nestedDependencies
diff --git a/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep b/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep
index c4b0bce825..63bac17835 100644
--- a/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep
+++ b/avm/res/web/site/tests/e2e/webApp.defaults/main.test.bicep
@@ -54,10 +54,6 @@ module testDeployment '../../../main.bicep' = [
       location: resourceLocation
       kind: 'app'
       serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
-      siteConfig: {
-        healthCheckPath: '/healthz'
-        alwaysOn: true
-      }
     }
 
     dependsOn: [
diff --git a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml
index f8bd41fc01..dbea639dbf 100644
--- a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml
+++ b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml
@@ -28,6 +28,9 @@ spec:
     # Azure Virtual Machine
     - Azure.VM.AMA
     - Azure.VM.Standalone
+    # Azure App Service
+    - Azure.AppService.WebProbe # Supressed as the probe path is specific to the app
+    - Azure.AppService.WebProbePath # Supressed as the probe path is specific to the app
   if:
     name: "."
     contains: