Azure · bebound · Apr 24, 2024 · Oct 23, 2023 · Nov 3, 2023 · Apr 15, 2024
@@ -183,6 +183,7 @@
 helps['functionapp config appsettings delete'] = """
 type: command
 short-summary: Delete a function app's settings.
+long-summary: Note that setting values are now redacted in the result. Please use the `az functionapp config appsettings list` command to view the settings.
 examples:
   - name: Delete a function app's settings. (autogenerated)
     text: az functionapp config appsettings delete --name MyFunctionApp --resource-group MyResourceGroup --setting-names {setting-names}
@@ -201,6 +202,7 @@
 helps['functionapp config appsettings set'] = """
 type: command
 short-summary: Update a function app's settings.
+long-summary: Note that setting values are now redacted in the result. Please use the `az functionapp config appsettings list` command to view the settings.
 examples:
   - name: Update a function app's settings.
     text: |
@@ -1046,6 +1048,7 @@
 helps['webapp config appsettings delete'] = """
 type: command
 short-summary: Delete web app settings.
+long-summary: Note that setting values are now redacted in the result. Please use the `az webapp config appsettings list` command to view the settings.
 examples:
   - name: Delete web app settings. (autogenerated)
     text: az webapp config appsettings delete --name MyWebApp --resource-group MyResourceGroup --setting-names {setting-names}
@@ -1064,6 +1067,7 @@
 helps['webapp config appsettings set'] = """
 type: command
 short-summary: Set a web app's settings.
+long-summary: Note that setting values are now redacted in the result. Please use the `az webapp config appsettings list` command to view the settings.
 examples:
   - name: Set the default NodeJS version to 6.9.1 for a web app.
     text: >
@@ -1128,6 +1132,7 @@
 helps['webapp config connection-string delete'] = """
 type: command
 short-summary: Delete a web app's connection strings.
+long-summary: Note that connection string values are now redacted in the result. Please use the `az webapp config connection-string list` command to view the values.
 examples:
   - name: Delete a web app's connection strings. (autogenerated)
     text: az webapp config connection-string delete --name MyWebApp --resource-group MyResourceGroup --setting-names {setting-names}
@@ -1146,6 +1151,7 @@
 helps['webapp config connection-string set'] = """
 type: command
 short-summary: Update a web app's connection strings.
+long-summary: Note that connection string values are now redacted in the result. Please use the `az webapp config connection-string list` command to view the values.
 examples:
   - name: Add a mysql connection string.
     text: >
@@ -1351,6 +1357,7 @@
 helps['webapp config storage-account add'] = """
 type: command
 short-summary: Add an Azure storage account configuration to a web app. (Linux Web Apps and Windows Containers Web Apps Only)
+long-summary: Note that storage account access keys are now redacted in the result. Please use the `az webapp config storage-account list` command to view the keys.
 examples:
   - name: Add a connection to the Azure Files file share called MyShare in the storage account named MyStorageAccount.
     text: >
@@ -1366,6 +1373,7 @@
 helps['webapp config storage-account delete'] = """
 type: command
 short-summary: Delete a web app's Azure storage account configuration. (Linux Web Apps and Windows Containers Web Apps Only)
+long-summary: Note that storage account access keys are now redacted in the result. Please use the `az webapp config storage-account list` command to view the keys.
 examples:
   - name: Delete a web app's Azure storage account configuration. (Linux Web Apps and Windows Containers Web Apps Only) (autogenerated)
     text: az webapp config storage-account delete --custom-id CustomId --name MyWebApp --resource-group MyResourceGroup
@@ -1384,6 +1392,7 @@
 helps['webapp config storage-account update'] = """
 type: command
 short-summary: Update an existing Azure storage account configuration on a web app. (Linux Web Apps and Windows Containers Web Apps Only)
+long-summary: Note that storage account access keys are now redacted in the result. Please use the `az webapp config storage-account list` command to view the keys.
 examples:
   - name: Update the mount path for a connection to the Azure Files file share with the ID MyId.
     text: >

@@ -422,7 +422,7 @@ def update_app_settings(cmd, resource_group_name, name, settings=None, slot=None
         app_settings_slot_cfg_names = slot_cfg_names.app_setting_names
         client.web_apps.update_slot_configuration_names(resource_group_name, name, slot_cfg_names)
 
-    return _build_app_settings_output(result.properties, app_settings_slot_cfg_names)
+    return _build_app_settings_output(result.properties, app_settings_slot_cfg_names, redact=True)
 
 
 def add_azure_storage_account(cmd, resource_group_name, name, custom_id, storage_type, account_name,
@@ -453,7 +453,7 @@ def add_azure_storage_account(cmd, resource_group_name, name, custom_id, storage
             slot_cfg_names.azure_storage_config_names.append(custom_id)
             client.web_apps.update_slot_configuration_names(resource_group_name, name, slot_cfg_names)
 
-    return result.properties
+    return _redact_storage_accounts(result.properties)
 
 
 def update_azure_storage_account(cmd, resource_group_name, name, custom_id, storage_type=None, account_name=None,
@@ -492,7 +492,7 @@ def update_azure_storage_account(cmd, resource_group_name, name, custom_id, stor
             slot_cfg_names.azure_storage_config_names.append(custom_id)
             client.web_apps.update_slot_configuration_names(resource_group_name, name, slot_cfg_names)
 
-    return result.properties
+    return _redact_storage_accounts(result.properties)
 
 
 def enable_zip_deploy_functionapp(cmd, resource_group_name, name, src, build_remote=False, timeout=None, slot=None):
@@ -1406,7 +1406,9 @@ def delete_app_settings(cmd, resource_group_name, name, setting_names, slot=None
                                          'update_application_settings',
                                          app_settings, slot, client)
 
-    return _build_app_settings_output(result.properties, slot_cfg_names.app_setting_names)
+    return _build_app_settings_output(result.properties,
+                                      slot_cfg_names.app_setting_names if slot_cfg_names else [],
+                                      redact=True)
 
 
 def delete_azure_storage_accounts(cmd, resource_group_name, name, custom_id, slot=None):
@@ -1429,7 +1431,15 @@ def delete_azure_storage_accounts(cmd, resource_group_name, name, custom_id, slo
                                          'update_azure_storage_accounts', azure_storage_accounts,
                                          slot, client)
 
-    return result.properties
+    return _redact_storage_accounts(result.properties)
+
+
+def _redact_storage_accounts(properties):
+    logger.warning('Storage account access keys have been redacted. '
+                   'Use `az webapp config storage-account list` to view.')
+    for account in properties:
+        properties[account].accessKey = None
+    return properties
 
 
 def _ssl_context():
@@ -1442,11 +1452,20 @@ def _ssl_context():
     return ssl.create_default_context()
 
 
-def _build_app_settings_output(app_settings, slot_cfg_names):
+def _build_app_settings_output(app_settings, slot_cfg_names, redact=False):
     slot_cfg_names = slot_cfg_names or []
     return [{'name': p,
              'value': app_settings[p],
-             'slotSetting': p in slot_cfg_names} for p in _mask_creds_related_appsettings(app_settings)]
+             'slotSetting': p in slot_cfg_names} for p in (_redact_appsettings(app_settings) if redact
+                                                           else _mask_creds_related_appsettings(app_settings))]
+
+
+def _redact_appsettings(settings):
+    logger.warning('App settings have been redacted. '
+                   'Use `az webapp/logicapp/functionapp config appsettings list` to view.')
+    for x in settings:
+        settings[x] = None
+    return settings
 
 
 def update_connection_strings(cmd, resource_group_name, name, connection_string_type,
@@ -1479,7 +1498,7 @@ def update_connection_strings(cmd, resource_group_name, name, connection_string_
         slot_cfg_names.connection_string_names += new_slot_setting_names
         client.web_apps.update_slot_configuration_names(resource_group_name, name, slot_cfg_names)
 
-    return result.properties
+    return _redact_connection_strings(result.properties)
 
 
 def delete_connection_strings(cmd, resource_group_name, name, setting_names, slot=None):
@@ -1498,9 +1517,19 @@ def delete_connection_strings(cmd, resource_group_name, name, setting_names, slo
     if is_slot_settings:
         client.web_apps.update_slot_configuration_names(resource_group_name, name, slot_cfg_names)
 
-    return _generic_settings_operation(cmd.cli_ctx, resource_group_name, name,
-                                       'update_connection_strings',
-                                       conn_strings, slot, client)
+    result = _generic_settings_operation(cmd.cli_ctx, resource_group_name, name,
+                                         'update_connection_strings',
+                                         conn_strings, slot, client)
+    _redact_connection_strings(result.properties)
+    return result
+
+
+def _redact_connection_strings(properties):
+    logger.warning('Connection string values have been redacted. '
+                   'Use `az webapp config connection-string list` to view.')
+    for setting in properties:
+        properties[setting].value = None
+    return properties
 
 
 CONTAINER_APPSETTING_NAMES = ['DOCKER_REGISTRY_SERVER_URL', 'DOCKER_REGISTRY_SERVER_USERNAME',

@@ -291,9 +291,11 @@ def set_staticsite_app_settings(cmd, name, setting_pairs, resource_group_name=No
     for k, v in setting_dict.items():
         settings.properties[k] = v
 
-    return client.create_or_update_static_site_app_settings(
+    result = client.create_or_update_static_site_app_settings(
         resource_group_name, name, app_settings=settings)
 
+    return _redact_appsettings(result)
+
 
 def delete_staticsite_app_settings(cmd, name, setting_names, resource_group_name=None):
     client = _get_staticsites_client_factory(cmd.cli_ctx)
@@ -308,9 +310,18 @@ def delete_staticsite_app_settings(cmd, name, setting_names, resource_group_name
         else:
             logger.warning("key '%s' not found in app settings", key)
 
-    return client.create_or_update_static_site_app_settings(
+    result = client.create_or_update_static_site_app_settings(
         resource_group_name, name, app_settings=app_settings)
 
+    return _redact_appsettings(result)
+
+
+def _redact_appsettings(payload):
+    logger.warning('App settings have been redacted. Use `az staticwebapp appsettings list` to view.')
+    for x in payload.properties:
+        payload.properties[x] = None
+    return payload
+
 
 def list_staticsite_users(cmd, name, resource_group_name=None, authentication_provider='all'):
     client = _get_staticsites_client_factory(cmd.cli_ctx)

@@ -23,7 +23,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '310'
+      - '381'
       content-type:
       - application/json; charset=utf-8
       date:
@@ -36,6 +36,8 @@ interactions:
       - max-age=31536000; includeSubDomains
       vary:
       - Accept-Encoding
+      vary:
+      - Accept-Encoding
       x-content-type-options:
       - nosniff
     status:
@@ -72,7 +74,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1500'
+      - '1620'
       content-type:
       - application/json
       date:
@@ -91,6 +93,10 @@ interactions:
       - chunked
       vary:
       - Accept-Encoding
+      transfer-encoding:
+      - chunked
+      vary:
+      - Accept-Encoding
       x-aspnet-version:
       - 4.0.30319
       x-content-type-options:
@@ -128,7 +134,7 @@ interactions:
       cache-control:
       - no-cache
       content-length:
-      - '1426'
+      - '1540'
       content-type:
       - application/json
       date:
@@ -145,6 +151,10 @@ interactions:
       - chunked
       vary:
       - Accept-Encoding
+      transfer-encoding:
+      - chunked
+      vary:
+      - Accept-Encoding
       x-aspnet-version:
       - 4.0.30319
       x-content-type-options: