@m-cappi m-cappi commented Mar 10, 2023

Description

During deploy, Terraform requires access to a KV to retrieve secrets from two different Key Vaults (1 & 2). Said KVs have to update their firewall rule to only "Allow public access from specific virtual networks and IP addresses".

The current changes are meant to authenticate as an Azure Service Principal and include the current runner's public IP in the KVs' firewall allow list.
Once the task is done, the IP is removed.

Both of the KVs' names and their RG names are set as env variables in their respective environments' env.sh.

Fixes # Security Scanning Services - Compliance: Key Vault must have public access disabled.

Type of change

Please delete options that are not relevant.

  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

TBD

Checklist:

Please delete options that are not relevant.

  • I have performed a self-review
  • Changelog has been updated
  • Documentation has been updated
  • Unit tests pass locally (./scripts/test)
  • Code is linted and styled (./scripts/format)
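
The add-then-remove flow described in this PR, sketched as an added example (not code from the PR or the repository): the runner IP is validated, allow-listed on both vaults, and removed by an exit trap so a failed or interrupted deploy does not leave the firewall rule behind. The variable names `KV1_NAME`, `KV1_RG`, `KV2_NAME`, `KV2_RG`, `RUNNER_IP` and the `ARM_*` credentials are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example, not the PR's code. KV1_NAME/KV1_RG/KV2_NAME/KV2_RG and the
# ARM_* credentials are assumed environment variable names.

# Accept only a dotted-quad IPv4 address before handing the value to az.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split into octets on "."
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Authenticate as the service principal.
sp_login() {
  az login --service-principal --username "$ARM_CLIENT_ID" \
    --password "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID" --output none
}

# kv_rule add|remove <vault> <resource-group> <ip>
kv_rule() {
  az keyvault network-rule "$1" --name "$2" --resource-group "$3" \
    --ip-address "$4" --output none
}

# with_runner_ip_allowed <ip> <command...>
# Runs the command with <ip> allow-listed on both vaults. The EXIT trap in the
# subshell removes the rules even when the command fails or is interrupted.
with_runner_ip_allowed() {
  ip=$1; shift
  is_ipv4 "$ip" || { echo "refusing to allow-list '$ip'" >&2; return 2; }
  (
    trap 'kv_rule remove "$KV1_NAME" "$KV1_RG" "$ip" || echo "KV1 cleanup failed" >&2
          kv_rule remove "$KV2_NAME" "$KV2_RG" "$ip" || echo "KV2 cleanup failed" >&2' EXIT
    trap 'exit 130' INT TERM
    kv_rule add "$KV1_NAME" "$KV1_RG" "$ip" &&
      kv_rule add "$KV2_NAME" "$KV2_RG" "$ip" &&
      "$@"
  )
}

# Typical call in the deploy job (RUNNER_IP is looked up by the pipeline):
#   sp_login && with_runner_ip_allowed "$RUNNER_IP" terraform apply
```

The wrapper returns the wrapped command's exit status, so the pipeline step still fails when the deploy fails.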

@m-cappi m-cappi marked this pull request as ready for review March 10, 2023 20:12
@lossyrob lossyrob merged commit 1665c6f into microsoft:main Mar 15, 2023