From 23b5e6936bb6b622896f3de51b678a3e2dae33c3 Mon Sep 17 00:00:00 2001
From: elayrocks
Date: Tue, 2 Jul 2024 10:47:02 -0700
Subject: [PATCH] Add subnet of pct sas kubernetes cluster to the storage account that holds ip ban table (#230)
Co-authored-by: elay
---
 deployment/terraform/resources/storage_account.tf | 2 +-
 deployment/terraform/resources/variables.tf | 11 +++++++++++
 deployment/terraform/resources/vnet.tf | 6 ++++++
 deployment/terraform/staging/main.tf | 4 ++++
 4 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/deployment/terraform/resources/storage_account.tf b/deployment/terraform/resources/storage_account.tf
index 8b9a5dde..1ad494b0 100644
--- a/deployment/terraform/resources/storage_account.tf
+++ b/deployment/terraform/resources/storage_account.tf
@@ -9,7 +9,7 @@ resource "azurerm_storage_account" "pc" {
 network_rules {
 default_action = "Deny"
- virtual_network_subnet_ids = [azurerm_subnet.node_subnet.id, azurerm_subnet.function_subnet.id]
+ virtual_network_subnet_ids = [azurerm_subnet.node_subnet.id, azurerm_subnet.function_subnet.id, data.azurerm_subnet.sas_node_subnet.id]
 }
 # Disabling shared access keys breaks terraform's ability to do subsequent
diff --git a/deployment/terraform/resources/variables.tf b/deployment/terraform/resources/variables.tf
index e83b5f57..9134bc30 100644
--- a/deployment/terraform/resources/variables.tf
+++ b/deployment/terraform/resources/variables.tf
@@ -144,6 +144,17 @@ variable "func_storage_account_url" {
 type = string
 }
+variable "sas_node_subnet_name" {
+ type = string
+}
+
+variable "sas_node_subnet_virtual_network_name" {
+ type = string
+}
+
+variable "sas_node_subnet_resource_group_name" {
+ type = string
+}
 # -----------------
 # Local variables
diff --git a/deployment/terraform/resources/vnet.tf b/deployment/terraform/resources/vnet.tf
index 5d759ca1..660441db 100644
--- a/deployment/terraform/resources/vnet.tf
+++ b/deployment/terraform/resources/vnet.tf
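Review bot: The new `data.azurerm_subnet.sas_node_subnet.id` entry in `virtual_network_subnet_ids` only works if that subnet has the `Microsoft.Storage` service endpoint enabled, which Azure requires for a storage virtual-network rule, and because the subnet is a data source owned by the pct-sas deployment rather than a resource managed here, nothing in this module enforces that (the subnets this module creates, e.g. `cache_subnet` in vnet.tf, set `service_endpoints` explicitly). A `lifecycle { precondition { ... } }` on this resource with the condition `contains(data.azurerm_subnet.sas_node_subnet.service_endpoints, "Microsoft.Storage")` would turn an opaque apply-time API error into a clear plan-time message. Separately, this rule extends network reachability of the account to every workload scheduled on the SAS cluster's node pool, and the comment directly below indicates shared access keys remain enabled, so the cross-VNet grant deserves a why-comment above the list such as `# pct-sas AKS node subnet (external deployment): needs network access to the banned-IP table; default_action Deny plus storage auth still gate access`. The enclosing `azurerm_storage_account` resource starts before and ends after this hunk.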
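Review bot: The three new `sas_node_subnet_*` variables carry no `default`, so every root module that calls `module "resources"` must now supply them, yet the diffstat shows only `deployment/terraform/staging/main.tf` being updated; if a production root module exists alongside staging, its next plan will fail with a missing-required-argument error until it is updated too. Each variable would also benefit from a `description`, e.g. `description = "Name of the pct-sas AKS node subnet granted network access to the storage account; the subnet must have the Microsoft.Storage service endpoint enabled"`, since the coupling to another deployment is otherwise invisible here. The bare `type = string` form matches the existing `func_storage_account_url` declaration, so the style itself is consistent.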
@@ -26,6 +26,12 @@ resource "azurerm_subnet" "cache_subnet" {
 service_endpoints = []
 }
+data "azurerm_subnet" "sas_node_subnet" {
+ name = var.sas_node_subnet_name
+ virtual_network_name = var.sas_node_subnet_virtual_network_name
+ resource_group_name = var.sas_node_subnet_resource_group_name
+}
+
 resource "azurerm_subnet" "function_subnet" {
 name = "${local.prefix}-functions-subnet"
 virtual_network_name = azurerm_virtual_network.pc.name
diff --git a/deployment/terraform/staging/main.tf b/deployment/terraform/staging/main.tf
index b9f3ce92..bfbb6baf 100644
--- a/deployment/terraform/staging/main.tf
+++ b/deployment/terraform/staging/main.tf
@@ -26,6 +26,10 @@ module "resources" {
 prod_log_analytics_workspace_id = "78d48390-b6bb-49a9-b7fd-a86f6522e9c4"
 func_storage_account_url = "https://pctapisstagingsa.table.core.windows.net/"
 banned_ip_table = "blobstoragebannedip"
+
+ sas_node_subnet_name = "pct-sas-westeurope-staging-node-subnet"
+ sas_node_subnet_virtual_network_name = "pct-sas-westeurope-staging-network"
+ sas_node_subnet_resource_group_name = "pct-sas-westeurope-staging_rg"
 }
 terraform {
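Review bot: The new `data "azurerm_subnet" "sas_node_subnet"` block reads a subnet from a VNet and resource group outside this module, but nothing records who owns it or why it is looked up, and it sits between `azurerm_subnet` resources this module creates, so a reader can easily take it for a managed subnet. A comment such as `# Read-only lookup of the pct-sas AKS node subnet (managed by the pct-sas deployment); referenced by the storage account network rules in storage_account.tf` above the block would make the cross-deployment dependency explicit. The block uses the default provider; if the pct-sas resources live in a different subscription, the lookup would need a provider alias, which is worth confirming before this is applied anywhere other than staging.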
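Review bot: `sas_node_subnet_resource_group_name = "pct-sas-westeurope-staging_rg"` uses an underscore before `rg` while the sibling subnet and network names on the two lines above are fully hyphenated; if that is a typo the `data.azurerm_subnet` lookup fails at plan time rather than silently, but it is still worth confirming against the real resource group name. Hard-coding the three names per environment is consistent with the existing `func_storage_account_url` line in this block, so no structural change is needed there.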