Add subnet of pct sas kubernetes cluster to the storage account that …
…holds ip ban table (#230)

Co-authored-by: elay <[email protected]>
elayrocks and elay authored Jul 2, 2024
1 parent 302a44f commit 23b5e69
Showing 4 changed files with 22 additions and 1 deletion.
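--- a/deployment/terraform/resources/storage_account.tf
+++ b/deployment/terraform/resources/storage_account.tf
@@ -9,7 +9,7 @@ resource "azurerm_storage_account" "pc" {
 
 network_rules {
 default_action = "Deny"
-virtual_network_subnet_ids = [azurerm_subnet.node_subnet.id, azurerm_subnet.function_subnet.id]
+virtual_network_subnet_ids = [azurerm_subnet.node_subnet.id, azurerm_subnet.function_subnet.id, data.azurerm_subnet.sas_node_subnet.id]
 }
 
 # Disabling shared access keys breaks terraform's ability to do subsequent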
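Review bot: The entry added to `virtual_network_subnet_ids` admits every node and pod on the SAS cluster's node subnet to the whole storage account, because `network_rules` apply account-wide and are not scoped to the IP ban table named in the commit title. The firewall only decides reachability, so access to the table should still rest on a narrowly scoped data-plane role for the SAS workload rather than on account keys; the truncated comment below the block suggests shared keys stay enabled, which is worth confirming. A comment above the list such as `# sas_node_subnet: externally managed SAS AKS node subnet, allowed so it can reach the banned-IP table` would record why a subnet this module does not own is trusted. The `azurerm_storage_account` resource starts and ends outside the hunk.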
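--- a/deployment/terraform/resources/variables.tf
+++ b/deployment/terraform/resources/variables.tf
@@ -144,6 +144,17 @@ variable "func_storage_account_url" {
 type = string
 }
 
+variable "sas_node_subnet_name" {
+type = string
+}
+
+variable "sas_node_subnet_virtual_network_name" {
+type = string
+}
+
+variable "sas_node_subnet_resource_group_name" {
+type = string
+}
 # -----------------
 # Local variables
 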
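Review bot: The three `sas_node_subnet_*` variables carry no `description`, yet together they decide which externally managed subnet is let through the storage account firewall, so a wrong value trusts a different network with nothing in the declaration stating the intent. Add, for example, `description = "Name of the existing SAS cluster node subnet allowed through the storage account network rules"` to the first and matching text to the other two. A blank line between the closing `}` of `sas_node_subnet_resource_group_name` and the `# -----------------` banner would keep the section header separated from the variable above it.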
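--- a/deployment/terraform/resources/vnet.tf
+++ b/deployment/terraform/resources/vnet.tf
@@ -26,6 +26,12 @@ resource "azurerm_subnet" "cache_subnet" {
 service_endpoints = []
 }
 
+data "azurerm_subnet" "sas_node_subnet" {
+name = var.sas_node_subnet_name
+virtual_network_name = var.sas_node_subnet_virtual_network_name
+resource_group_name = var.sas_node_subnet_resource_group_name
+}
+
 resource "azurerm_subnet" "function_subnet" {
 name = "${local.prefix}-functions-subnet"
 virtual_network_name = azurerm_virtual_network.pc.name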
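Review bot: The `sas_node_subnet` data source looks up a subnet that is managed outside this module, and nothing here checks that it has the `Microsoft.Storage` service endpoint that a storage account virtual-network rule depends on. If the endpoint is missing or later removed on the SAS side, the failure would surface only at apply time on the storage account, or as the SAS cluster losing access to the ban table. Where the project's Terraform version supports postconditions (1.2 or later), a check on the data source makes that dependency explicit and fails the plan with a clear message.

```hcl
data "azurerm_subnet" "sas_node_subnet" {
  # … unchanged: name, virtual_network_name, resource_group_name …

  lifecycle {
    postcondition {
      condition     = contains(self.service_endpoints, "Microsoft.Storage")
      error_message = "SAS node subnet must have the Microsoft.Storage service endpoint enabled before it is added to the storage account network rules."
    }
  }
}
```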
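--- a/deployment/terraform/staging/main.tf
+++ b/deployment/terraform/staging/main.tf
@@ -26,6 +26,10 @@ module "resources" {
 prod_log_analytics_workspace_id = "78d48390-b6bb-49a9-b7fd-a86f6522e9c4"
 func_storage_account_url = "https://pctapisstagingsa.table.core.windows.net/"
 banned_ip_table = "blobstoragebannedip"
+
+sas_node_subnet_name = "pct-sas-westeurope-staging-node-subnet"
+sas_node_subnet_virtual_network_name = "pct-sas-westeurope-staging-network"
+sas_node_subnet_resource_group_name = "pct-sas-westeurope-staging_rg"
 }
 
 terraform {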
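Review bot: Only the staging root module passes the three new `sas_node_subnet_*` inputs, and they are declared without defaults in `resources/variables.tf`, so any other root module that instantiates `resources` (a production one, if it exists; none is visible in this commit) will fail at plan until it sets them. The values are literal names of a network in a separate resource group, so a rename or rebuild on the SAS side breaks this lookup; a short comment above them such as `# Existing SAS AKS node subnet (managed in the pct-sas deployment); allowed through the storage firewall for the banned-IP table` would tell the next reader where they come from. The `module "resources"` block starts outside the hunk.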
