Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable storage access keys #4227

Merged
merged 3 commits into from
Dec 30, 2024
Merged

Disable storage access keys #4227

merged 3 commits into from
Dec 30, 2024

Conversation

tamirkamara
Copy link
Collaborator

Resolves #4218

What is being addressed

Storage accounts have the access key option enabled despite us not needing it. Some policies keep changing it and it can create noise in Terraform deployments.

How is this addressed

  • Disable access key usage on almost all storage account
  • Add a comment where it appears we have an issue

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 29, 2024
edited
Loading

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 72f5823.

♻️ This comment has been updated with latest results.

@tamirkamara
Copy link
Collaborator Author

/test-extended

@github-actions GitHub Actions
Copy link

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12536353417 (with refid 0dd64cf9)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara force-pushed the tamirkamara/4218-disable-storage-key branch from ef88647 to 7f46aa7 Compare December 29, 2024 14:49
@tamirkamara tamirkamara force-pushed the tamirkamara/4218-disable-storage-key branch from 7f46aa7 to bb8314c Compare December 29, 2024 14:50
@tamirkamara
Copy link
Collaborator Author

/test-extended

@github-actions GitHub Actions
Copy link

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12536639727 (with refid 0dd64cf9)

(in response to this comment from @tamirkamara)

@tamirkamara
Copy link
Collaborator Author

/test-extended

@github-actions GitHub Actions
Copy link

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/12536832599 (with refid 0dd64cf9)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara enabled auto-merge (squash) December 29, 2024 18:25
yuvalyaron
yuvalyaron approved these changes Dec 30, 2024
View reviewed changes
core/terraform/airlock/airlock_processor.tf Outdated Show resolved Hide resolved
core/terraform/airlock/airlock_processor.tf Outdated Show resolved Hide resolved
@tamirkamara
Copy link
Collaborator Author

/test-force-approve

@github-actions GitHub Actions
Copy link

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 72f5823)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara merged commit fdf50f2 into main Dec 30, 2024
12 checks passed
@tamirkamara tamirkamara deleted the tamirkamara/4218-disable-storage-key branch December 30, 2024 12:33
@jonnyry
Copy link
Collaborator

jonnyry commented Jan 3, 2025

Hi @tamirkamara

Just noticed this one still has a storage account key enabled...

AzureTRE/templates/workspaces/base/terraform/storage.tf

Line 1 in e74fbe8

resource "azurerm_storage_account" "stg" {

though it is used in mounting the file storage to the VM.

@tamirkamara
Copy link
Collaborator Author

@jonnyry we have an Azure Files share which will never support AAD so the key has to be enabled there.

@jonnyry
Copy link
Collaborator

jonnyry commented Jan 3, 2025

Ah OK no problem :-) wasn't sure if you could use SAS keys

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuvalyaron yuvalyaron yuvalyaron approved these changes

@LizaShak LizaShak LizaShak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure storage accounts
4 participants
@tamirkamara @jonnyry @LizaShak @yuvalyaron