Restrict live test storage account access to client IP#8371
Restrict live test storage account access to client IP#8371benbp merged 7 commits intoAzure:mainfrom
Conversation
benbp
added
the
Central-EngSys
|
The following pipelines have been queued for testing: |
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
daa331e to
d07adbb
Compare
|
The following pipelines have been queued for testing: |
|
@benbp is there a way to potential do this inside of a bicep template we can force folks to start using if they are deploying storage accounts? |
|
@weshaggard we could add some sort of dynamic parameter to pass in for the IP, but that won't help with new bicep files. Also we're going to go with a vnet solution for the agent pools, so we don't want client ip to be used in every case either. |
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
d07adbb to
52d3d42
Compare
|
The following pipelines have been queued for testing: |
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
52d3d42 to
44660f4
Compare
|
The following pipelines have been queued for testing: |
|
The following pipelines have been queued for testing: |
|
The following pipelines have been queued for testing: |
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
618f4df to
57b8e6c
Compare
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
827deae to
6d5edeb
Compare
|
The following pipelines have been queued for testing: |
|
The following pipelines have been queued for testing: |
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
4d1e7b9 to
e324291
Compare
|
The following pipelines have been queued for testing: |
|
Waiting on the java/net PRs from @danieljurek to update the federated auth conditional before this goes in (since it relies on two other PRs that are blocked on the aforementioned PRs) |
benbp
force-pushed
the
benbp/test-resources-allowlist
branch
from
e324291 to
47e9665
Compare
|
The following pipelines have been queued for testing: |
Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#8371 See [eng/common workflow](https://github.com/Azure/azure-sdk-tools/blob/main/eng/common/README.md#workflow) --------- Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
4 participants
Not quite sure about the ordering here, if we want to set networks rules before or after post-script/deployment removal or not.
This adds a step to our deployment script that sets any deployed storage accounts to a network deny state, but punches a hole through for the client's IP. A medium term solution until better ones come online (reach out for details).