From f4d8179b30d660ea689e37886a5a9f84f698c3a7 Mon Sep 17 00:00:00 2001 From: Jordan Selig Date: Tue, 13 Jan 2026 11:51:56 -0500 Subject: [PATCH 1/3] Use Site-level outbound_vnet_routing instead of SiteConfig vnet_route_all_enabled Update webapp and functionapp commands to use the new Site-level outbound_vnet_routing property with OutboundVnetRouting(application_traffic=True) instead of the deprecated SiteConfig vnet_route_all_enabled property. Commands updated: - az webapp create - az functionapp create - az webapp vnet-integration add - az functionapp vnet-integration add --- .../cli/command_modules/appservice/custom.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/appservice/custom.py b/src/azure-cli/azure/cli/command_modules/appservice/custom.py index 5b53d219c6f..bff7cc68c0d 100644 --- a/src/azure-cli/azure/cli/command_modules/appservice/custom.py +++ b/src/azure-cli/azure/cli/command_modules/appservice/custom.py @@ -127,7 +127,7 @@ def create_webapp(cmd, resource_group_name, name, plan, runtime=None, startup_fi role='Contributor', scope=None, vnet=None, subnet=None, https_only=False, public_network_access=None, acr_use_identity=False, acr_identity=None, basic_auth="", auto_generated_domain_name_label_scope=None): - from azure.mgmt.web.models import Site + from azure.mgmt.web.models import Site, OutboundVnetRouting from azure.core.exceptions import ResourceNotFoundError as _ResourceNotFoundError SiteConfig, SkuDescription, NameValuePair = cmd.get_models( 'SiteConfig', 'SkuDescription', 'NameValuePair') @@ -227,10 +227,10 @@ def create_webapp(cmd, resource_group_name, name, plan, runtime=None, startup_fi vnet_name=subnet_info["vnet_name"], subnet_name=subnet_info["subnet_name"]) subnet_resource_id = subnet_info["subnet_resource_id"] - vnet_route_all_enabled = True + outbound_vnet_routing = OutboundVnetRouting(application_traffic=True) else: subnet_resource_id = None - vnet_route_all_enabled = None + outbound_vnet_routing = None if using_webapp_up: https_only = using_webapp_up @@ -240,7 +240,7 @@ def create_webapp(cmd, resource_group_name, name, plan, runtime=None, startup_fi webapp_def = Site(location=location, site_config=site_config, server_farm_id=plan_info.id, tags=tags, https_only=https_only, virtual_network_subnet_id=subnet_resource_id, - public_network_access=public_network_access, vnet_route_all_enabled=vnet_route_all_enabled, + public_network_access=public_network_access, outbound_vnet_routing=outbound_vnet_routing, auto_generated_domain_name_label_scope=auto_generated_domain_name_label_scope) if runtime: runtime = _StackRuntimeHelper.remove_delimiters(runtime) @@ -7202,9 +7202,11 @@ def create_functionapp(cmd, resource_group_name, name, storage_account, plan=Non subnet_name=subnet_info["subnet_name"], subnet_service_delegation=FLEX_SUBNET_DELEGATION if flexconsumption_location else None) subnet_resource_id = subnet_info["subnet_resource_id"] - site_config.vnet_route_all_enabled = True + from azure.mgmt.web.models import OutboundVnetRouting + outbound_vnet_routing = OutboundVnetRouting(application_traffic=True) else: subnet_resource_id = None + outbound_vnet_routing = None # if this is a managed function app (Azure Functions on Azure Containers), http20_proxy_flag must be None if environment is not None: @@ -7212,7 +7214,8 @@ def create_functionapp(cmd, resource_group_name, name, storage_account, plan=Non functionapp_def = Site(location=None, site_config=site_config, tags=tags, virtual_network_subnet_id=subnet_resource_id, https_only=https_only, - auto_generated_domain_name_label_scope=auto_generated_domain_name_label_scope) + auto_generated_domain_name_label_scope=auto_generated_domain_name_label_scope, + outbound_vnet_routing=outbound_vnet_routing) plan_info = None if runtime is not None: @@ -8786,7 +8789,8 @@ def _add_vnet_integration(cmd, name, resource_group_name, vnet, subnet, slot=Non subnet_service_delegation=FLEX_SUBNET_DELEGATION if is_flex else None) app.virtual_network_subnet_id = subnet_info["subnet_resource_id"] - app.site_config.vnet_route_all_enabled = True + from azure.mgmt.web.models import OutboundVnetRouting + app.outbound_vnet_routing = OutboundVnetRouting(application_traffic=True) _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'begin_create_or_update', slot, client=client, extra_parameter=app) From 3b1371a57c8246d5e3bfae710c5e1fa22054cefc Mon Sep 17 00:00:00 2001 From: Jordan Selig Date: Tue, 13 Jan 2026 12:09:37 -0500 Subject: [PATCH 2/3] Fix webapp config set --vnet-route-all-enabled to use Site-level property The API no longer honors the SiteConfig vnetRouteAllEnabled property. Updated update_site_configs to handle vnet_route_all_enabled separately by updating the Site-level outbound_vnet_routing property instead. --- .../azure/cli/command_modules/appservice/custom.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/appservice/custom.py b/src/azure-cli/azure/cli/command_modules/appservice/custom.py index bff7cc68c0d..ba1fa0cc296 100644 --- a/src/azure-cli/azure/cli/command_modules/appservice/custom.py +++ b/src/azure-cli/azure/cli/command_modules/appservice/custom.py @@ -3125,7 +3125,7 @@ def update_site_configs(cmd, resource_group_name, name, slot=None, number_of_wor import inspect frame = inspect.currentframe() bool_flags = ['remote_debugging_enabled', 'web_sockets_enabled', 'always_on', - 'auto_heal_enabled', 'use32_bit_worker_process', 'http20_enabled', 'vnet_route_all_enabled'] + 'auto_heal_enabled', 'use32_bit_worker_process', 'http20_enabled'] int_flags = ['pre_warmed_instance_count', 'number_of_workers'] # note: getargvalues is used already in azure.cli.core.commands. # and no simple functional replacement for this deprecating method for 3.5 @@ -3198,6 +3198,16 @@ def update_site_configs(cmd, resource_group_name, name, slot=None, number_of_wor if max_replicas is not None: setattr(configs, 'function_app_scale_limit', max_replicas) return update_configuration_polling(cmd, resource_group_name, name, slot, configs) + + # Handle vnet_route_all_enabled separately using Site-level outbound_vnet_routing property + if vnet_route_all_enabled is not None: + from azure.mgmt.web.models import OutboundVnetRouting + client = web_client_factory(cmd.cli_ctx) + app = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get', slot, client=client) + app.outbound_vnet_routing = OutboundVnetRouting(application_traffic=(vnet_route_all_enabled == 'true')) + _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'begin_create_or_update', slot, + client=client, extra_parameter=app) + return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) From 09ee7413a3d1e32e835fbffadebafe940bb039ae Mon Sep 17 00:00:00 2001 From: Jordan Selig Date: Tue, 13 Jan 2026 12:16:41 -0500 Subject: [PATCH 3/3] Update test to check outboundVnetRouting.applicationTraffic instead of vnetRouteAllEnabled --- .../azure/cli/command_modules/appservice/custom.py | 8 ++++++-- .../appservice/tests/latest/test_functionapp_commands.py | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/appservice/custom.py b/src/azure-cli/azure/cli/command_modules/appservice/custom.py index ba1fa0cc296..2f6ad8e9d95 100644 --- a/src/azure-cli/azure/cli/command_modules/appservice/custom.py +++ b/src/azure-cli/azure/cli/command_modules/appservice/custom.py @@ -3199,16 +3199,20 @@ def update_site_configs(cmd, resource_group_name, name, slot=None, number_of_wor setattr(configs, 'function_app_scale_limit', max_replicas) return update_configuration_polling(cmd, resource_group_name, name, slot, configs) + # Update SiteConfig first + result = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) + # Handle vnet_route_all_enabled separately using Site-level outbound_vnet_routing property + # This is done after SiteConfig update to ensure the Site-level property is not overwritten if vnet_route_all_enabled is not None: from azure.mgmt.web.models import OutboundVnetRouting client = web_client_factory(cmd.cli_ctx) app = _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'get', slot, client=client) - app.outbound_vnet_routing = OutboundVnetRouting(application_traffic=(vnet_route_all_enabled == 'true')) + app.outbound_vnet_routing = OutboundVnetRouting(application_traffic=vnet_route_all_enabled == 'true') _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'begin_create_or_update', slot, client=client, extra_parameter=app) - return _generic_site_operation(cmd.cli_ctx, resource_group_name, name, 'update_configuration', slot, configs) + return result def update_configuration_polling(cmd, resource_group_name, name, slot, configs): diff --git a/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_functionapp_commands.py b/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_functionapp_commands.py index c7ec41a836a..f524c65fe41 100644 --- a/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_functionapp_commands.py +++ b/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_functionapp_commands.py @@ -3444,7 +3444,7 @@ def test_functionapp_elastic_premium_restricted_public_network_access_storage_vn self.cmd('functionapp create -g {} -n {} -s {} -p {} --functions-version 4 --vnet {} --subnet {}'.format(resource_group, functionapp_name, storage_account, ep_plan_name, vnet_name, subnet_name)).assert_with_checks([ JMESPathCheck('vnetContentShareEnabled', True), - JMESPathCheck('vnetRouteAllEnabled', True), + JMESPathCheck('outboundVnetRouting.applicationTraffic', True), JMESPathCheck('virtualNetworkSubnetId', subnet_id) ])