Skip to content

[App Service] Add SiteScopedCertificatesEnabled property #33306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
danielw5 wants to merge 2 commits into
base: dev
Choose a base branch
from
+15 −3
Open

[App Service] Add SiteScopedCertificatesEnabled property #33306

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
26eb2f8
add SiteScopedCertificatesEnabled to create/update webapp
danielw5 May 1, 2026
fff2b3a
refine help text
danielw5 May 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/azure-cli/azure/cli/command_modules/appservice/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -339,6 +339,10 @@ def load_arguments(self, _):
c.argument('end_to_end_encryption_enabled', options_list=['--end-to-end-encryption-enabled', '-e'],
help='Enable or disable end-to-end encryption between the Front End and the Workers.',
arg_type=get_three_state_flag(return_label=True))
c.argument('site_scoped_certificates_enabled',
options_list=['--site-scoped-certificates-enabled'],
help='Enable or disable site-scoped certificates.',
arg_type=get_three_state_flag(return_label=True))
c.argument('min_tls_version',
help="The minimum version of TLS required for SSL requests, e.g., '1.0', '1.1', '1.2'")
c.argument('min_tls_cipher_suite', options_list=['--min-tls-cipher-suite'],
Expand Down Expand Up @@ -471,6 +475,10 @@ def load_arguments(self, _):
c.argument('platform_release_channel', options_list=['--platform-release-channel'],
help='Set the platform release channel for the web app. Possible values: Latest, Standard, Extended.',
arg_type=get_enum_type(PLATFORM_RELEASE_CHANNEL_TYPES))
c.argument('site_scoped_certificates_enabled',
options_list=['--site-scoped-certificates-enabled'],
help='Enable or disable site-scoped certificates.',
arg_type=get_three_state_flag(return_label=True))

with self.argument_context('webapp browse') as c:
c.argument('logs', options_list=['--logs', '-l'], action='store_true',
Expand Down
10 changes: 7 additions & 3 deletions src/azure-cli/azure/cli/command_modules/appservice/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ def create_webapp(cmd, resource_group_name, name, plan, runtime=None, startup_fi
role='Contributor', scope=None, vnet=None, subnet=None, https_only=False,
public_network_access=None, acr_use_identity=False, acr_identity=None, basic_auth="",
auto_generated_domain_name_label_scope=None, end_to_end_encryption_enabled=None,
min_tls_version=None, min_tls_cipher_suite=None):
min_tls_version=None, min_tls_cipher_suite=None, site_scoped_certificates_enabled=None):
from azure.mgmt.web.models import Site, OutboundVnetRouting
from azure.core.exceptions import ResourceNotFoundError as _ResourceNotFoundError
SiteConfig, SkuDescription, NameValuePair = cmd.get_models(
Expand Down Expand Up @@ -260,7 +260,8 @@ def create_webapp(cmd, resource_group_name, name, plan, runtime=None, startup_fi
https_only=https_only, virtual_network_subnet_id=subnet_resource_id,
public_network_access=public_network_access, outbound_vnet_routing=outbound_vnet_routing,
auto_generated_domain_name_label_scope=auto_generated_domain_name_label_scope,
end_to_end_encryption_enabled=end_to_end_encryption_enabled)
end_to_end_encryption_enabled=end_to_end_encryption_enabled,
site_scoped_certificates_enabled=site_scoped_certificates_enabled)
Comment on lines 260 to +264
Copy link

Copilot AI May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

site_scoped_certificates_enabled (and currently end_to_end_encryption_enabled) come from get_three_state_flag(return_label=True), which returns the strings 'true'/'false'. Passing these strings directly into the Site(...) model will serialize as JSON strings (or potentially raise if the model validates types) rather than booleans. Convert these values to booleans (e.g., val == 'true') before constructing Site, keeping None as-is, to match the behavior already used in update_webapp.

Copilot uses AI. Check for mistakes.
if runtime:
runtime = _StackRuntimeHelper.remove_delimiters(runtime)

Expand Down Expand Up @@ -2234,7 +2235,7 @@ def set_webapp(cmd, resource_group_name, name, slot=None, skip_dns_registration=

def update_webapp(cmd, instance, client_affinity_enabled=None, https_only=None, minimum_elastic_instance_count=None,
prewarmed_instance_count=None, end_to_end_encryption_enabled=None,
platform_release_channel=None):
platform_release_channel=None, site_scoped_certificates_enabled=None):
if 'function' in instance.kind:
raise ValidationError("please use 'az functionapp update' to update this function app")
if minimum_elastic_instance_count or prewarmed_instance_count:
Expand All @@ -2261,6 +2262,9 @@ def update_webapp(cmd, instance, client_affinity_enabled=None, https_only=None,
if end_to_end_encryption_enabled is not None:
instance.end_to_end_encryption_enabled = end_to_end_encryption_enabled == 'true'

if site_scoped_certificates_enabled is not None:
instance.site_scoped_certificates_enabled = site_scoped_certificates_enabled == 'true'
Comment thread
danielw5 marked this conversation as resolved.

if minimum_elastic_instance_count is not None:
from azure.mgmt.web.models import SiteConfig
# Need to create a new SiteConfig object to ensure that the new property is included in request body
Expand Down
Loading