From 381bf54edcd33423ce5d0cf1f957cf10d98920ad Mon Sep 17 00:00:00 2001
From: Guy Harwood <guy@milkchip.com>
Date: Fri, 10 Jan 2025 14:42:01 +0000
Subject: [PATCH 1/3] CLI script to set TLS v1.3 on web apps

---
 deploy/app-service/set-tls-v1.3.sh | 35 ++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100755 deploy/app-service/set-tls-v1.3.sh

diff --git a/deploy/app-service/set-tls-v1.3.sh b/deploy/app-service/set-tls-v1.3.sh
new file mode 100755
index 0000000000..d4fcb5b704
--- /dev/null
+++ b/deploy/app-service/set-tls-v1.3.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+#!/bin/bash
+
+# Get all App Services across all resource groups
+echo "Retrieving all App Services..."
+app_services=$(az webapp list --query "[].{name:name,resourceGroup:resourceGroup}" -o json)
+echo $app_services
+exit 0;
+
+# Parse the JSON output and configure TLS for each app service
+echo $app_services | jq -c '.[]' | while read -r app; do
+    name=$(echo $app | jq -r '.name')
+    rg=$(echo $app | jq -r '.resourceGroup')
+
+    echo "Configuring TLS 1.3 for App Service: $name in Resource Group: $rg"
+
+    # Configure minimum TLS version to 1.3
+    az webapp config set \
+        --name $name \
+        --resource-group $rg \
+        --min-tls-version 1.3
+
+    # Disable older TLS/SSL protocols
+    az webapp config set \
+        --name $name \
+        --resource-group $rg \
+        --ftps-state Disabled \
+        --http20-enabled true
+
+    echo "Completed TLS configuration for $name"
+done
+
+echo "Configuration complete for all App Services"

From 7663cc092048ae52faf182882fc69ae748992c85 Mon Sep 17 00:00:00 2001
From: Guy Harwood <guy@milkchip.com>
Date: Mon, 13 Jan 2025 14:08:55 +0000
Subject: [PATCH 2/3] target a resource group rather than subscription

---
 deploy/app-service/set-tls-v1.3.sh | 41 ++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 13 deletions(-)

diff --git a/deploy/app-service/set-tls-v1.3.sh b/deploy/app-service/set-tls-v1.3.sh
index d4fcb5b704..a3965a370e 100755
--- a/deploy/app-service/set-tls-v1.3.sh
+++ b/deploy/app-service/set-tls-v1.3.sh
@@ -1,35 +1,50 @@
 #!/bin/bash
 set -e
 
-#!/bin/bash
-
-# Get all App Services across all resource groups
-echo "Retrieving all App Services..."
-app_services=$(az webapp list --query "[].{name:name,resourceGroup:resourceGroup}" -o json)
-echo $app_services
-exit 0;
+# Check if resource group parameter is provided
+if [ $# -eq 0 ]; then
+    echo "Error: Resource group name is required"
+    echo "Usage: $0 <resource-group-name>"
+    exit 1
+fi
+
+RESOURCE_GROUP=$1
+
+# Verify resource group exists
+if ! az group show --name "$RESOURCE_GROUP" &>/dev/null; then
+    echo "Error: Resource group '$RESOURCE_GROUP' not found"
+    exit 1
+fi
+
+# Get all App Services in the specified resource group
+echo "Retrieving App Services in resource group: $RESOURCE_GROUP..."
+app_services=$(az webapp list --resource-group "$RESOURCE_GROUP" --query "[].{name:name,resourceGroup:resourceGroup}" -o json)
+
+if [ "$(echo $app_services | jq '. | length')" -eq 0 ]; then
+    echo "No App Services found in resource group: $RESOURCE_GROUP"
+    exit 0
+fi
 
 # Parse the JSON output and configure TLS for each app service
 echo $app_services | jq -c '.[]' | while read -r app; do
     name=$(echo $app | jq -r '.name')
-    rg=$(echo $app | jq -r '.resourceGroup')
 
-    echo "Configuring TLS 1.3 for App Service: $name in Resource Group: $rg"
+    echo "Configuring TLS 1.3 for App Service: $name"
 
     # Configure minimum TLS version to 1.3
     az webapp config set \
         --name $name \
-        --resource-group $rg \
+        --resource-group $RESOURCE_GROUP \
         --min-tls-version 1.3
 
     # Disable older TLS/SSL protocols
     az webapp config set \
         --name $name \
-        --resource-group $rg \
+        --resource-group $RESOURCE_GROUP \
         --ftps-state Disabled \
         --http20-enabled true
 
-    echo "Completed TLS configuration for $name"
+   echo "Completed TLS configuration for $name"
 done
 
-echo "Configuration complete for all App Services"
+echo "Configuration complete for all App Services in resource group: $RESOURCE_GROUP"

From 41d83007f070b4d45c14d1e8dd3f0e868a4db9ef Mon Sep 17 00:00:00 2001
From: Guy Harwood <guy@milkchip.com>
Date: Tue, 14 Jan 2025 16:39:01 +0000
Subject: [PATCH 3/3] scripts for functions and app service to set HTTP config

---
 ...ls-v1.3.sh => app-service-set-tls-v1.3.sh} |  0
 deploy/functions/functions-set-tls-v1.3.sh    | 50 +++++++++++++++++++
 2 files changed, 50 insertions(+)
 rename deploy/app-service/{set-tls-v1.3.sh => app-service-set-tls-v1.3.sh} (100%)
 create mode 100755 deploy/functions/functions-set-tls-v1.3.sh

diff --git a/deploy/app-service/set-tls-v1.3.sh b/deploy/app-service/app-service-set-tls-v1.3.sh
similarity index 100%
rename from deploy/app-service/set-tls-v1.3.sh
rename to deploy/app-service/app-service-set-tls-v1.3.sh
diff --git a/deploy/functions/functions-set-tls-v1.3.sh b/deploy/functions/functions-set-tls-v1.3.sh
new file mode 100755
index 0000000000..3e2f2caa7f
--- /dev/null
+++ b/deploy/functions/functions-set-tls-v1.3.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+
+# Check if resource group parameter is provided
+if [ $# -eq 0 ]; then
+    echo "Error: Resource group name is required"
+    echo "Usage: $0 <resource-group-name>"
+    exit 1
+fi
+
+RESOURCE_GROUP=$1
+
+# Verify resource group exists
+if ! az group show --name "$RESOURCE_GROUP" &>/dev/null; then
+    echo "Error: Resource group '$RESOURCE_GROUP' not found"
+    exit 1
+fi
+
+# Get all Functions in the specified resource group
+echo "Retrieving Functions in resource group: $RESOURCE_GROUP..."
+app_services=$(az functionapp list --resource-group "$RESOURCE_GROUP" --query "[].{name:name,resourceGroup:resourceGroup}" -o json)
+
+if [ "$(echo $app_services | jq '. | length')" -eq 0 ]; then
+    echo "No Functions found in resource group: $RESOURCE_GROUP"
+    exit 0
+fi
+
+# Parse the JSON output and configure TLS for each function
+echo $app_services | jq -c '.[]' | while read -r app; do
+    name=$(echo $app | jq -r '.name')
+
+    echo "Configuring TLS 1.3 for Function: $name"
+
+    # Configure minimum TLS version to 1.3
+    az functionapp config set \
+        --name $name \
+        --resource-group $RESOURCE_GROUP \
+        --min-tls-version 1.3
+
+    # Disable older TLS/SSL protocols
+    az functionapp config set \
+        --name $name \
+        --resource-group $RESOURCE_GROUP \
+        --ftps-state Disabled \
+        --http20-enabled true
+
+   echo "Completed TLS configuration for $name"
+done
+
+echo "Configuration complete for all Functions in resource group: $RESOURCE_GROUP"