Set StorageAccount Kind to StorageV2; Min TLS to 1.2 in ARM template

Azure · Jan 31, 2025 · e1adf8f · e1adf8f
1 parent 0d7eabd
commit e1adf8f
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/pkg/deploy/assets/rp-production-global.json b/pkg/deploy/assets/rp-production-global.json
@@ -101,8 +101,10 @@
             "sku": {
                 "name": "Standard_LRS"
             },
+            "kind": "StorageV2",
             "properties": {
-                "allowBlobPublicAccess": false
+                "allowBlobPublicAccess": false,
+                "minimumTlsVersion": "TLS1_2"
             },
             "tags": {},
             "location": "[resourceGroup().location]",

diff --git a/pkg/deploy/generator/resources.go b/pkg/deploy/generator/resources.go
@@ -93,6 +93,7 @@ func (g *generator) storageAccount(name string, accountProperties *mgmtstorage.A
 		Resource: &mgmtstorage.Account{
 			Name:     &name,
 			Type:     to.StringPtr("Microsoft.Storage/storageAccounts"),
+			Kind:     mgmtstorage.KindStorageV2,
 			Location: to.StringPtr("[resourceGroup().location]"),
 			Sku: &mgmtstorage.Sku{
 				Name: "Standard_LRS",

diff --git a/pkg/deploy/generator/resources_rp.go b/pkg/deploy/generator/resources_rp.go
@@ -1520,7 +1520,10 @@ func (g *generator) rpVersionStorageAccount() []*arm.Resource {
 	return []*arm.Resource{
 		g.storageAccount(
 			"[parameters('rpVersionStorageAccountName')]",
-			&mgmtstorage.AccountProperties{AllowBlobPublicAccess: to.BoolPtr(false)},
+			&mgmtstorage.AccountProperties{
+				AllowBlobPublicAccess: to.BoolPtr(false),
+				MinimumTLSVersion:     mgmtstorage.MinimumTLSVersionTLS12,
+			},
 			map[string]*string{},
 		),
 	}