Allowed networks for keyvault resources
All Submissions:
- [YES] Have you added an explanation of what your changes do and why you'd like us to include them?
- [YES] I have updated the documentation accordingly.
- [YES] My code follows the code style of this project.
Current Behavior or Linked Issues
Terraform manages some secret values in the keyvault. When backend_network_access_enabled = true, keyvault access will no longer be allowed from anywhere, meaning that Terraform will not be able to manage secrets anymore.
To overcome this we introduced a new variable, backend_access_allowed_networks = ["X.X.X.X/X"], an IP address whitelist, which by default uses the Azure DevOps IP address ranges defined in the docs.
Does this introduce a breaking change?
- [NO] By default this feature is not enabled; it is only aimed at customers who are using the backend networks access disabled feature.
Other information
For now we are implementing this for Azure Key Vault. This will potentially be handy for other resources; however, we would recommend making separate issues to address different resources, as some of them can be tricky (such as Redis).
Closes #264 (closed)
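
A sketch of the pattern this merge request describes, added here as an illustration and not taken from the project's code: a Key Vault whose firewall denies by default and admits only the CIDR blocks in backend_access_allowed_networks. The resource name, the location and resource_group_name variables, the validation rule and the default range (a documentation placeholder, not the Azure DevOps ranges) are assumptions.

```hcl
# Added example, not the project's module code.
variable "backend_access_allowed_networks" {
  description = "CIDR blocks allowed through the Key Vault firewall (e.g. the CI/CD agents that run Terraform)."
  type        = list(string)
  default     = ["203.0.113.0/24"] # constructed placeholder (TEST-NET-3), not a real agent range

  validation {
    # Reject malformed entries and the catch-all range, which would
    # silently turn the allowlist back into "open to the internet".
    condition = alltrue([
      for cidr in var.backend_access_allowed_networks :
      can(cidrhost(cidr, 0)) && cidr != "0.0.0.0/0"
    ])
    error_message = "Each entry must be a valid CIDR block, and 0.0.0.0/0 is not accepted."
  }
}

variable "location" {
  type = string # assumed input
}

variable "resource_group_name" {
  type = string # assumed input
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "example" {
  name                = "kv-example-placeholder" # hypothetical name
  location            = var.location
  resource_group_name = var.resource_group_name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  network_acls {
    # Deny everything that is not explicitly listed, so the data plane
    # (secret reads and writes) is reachable only from the allowlist.
    default_action = "Deny"
    bypass         = "AzureServices"
    ip_rules       = var.backend_access_allowed_networks
  }
}
```

With default_action set to "Deny", a Terraform run from an address outside ip_rules fails on the secret resources with an authorization error from the vault firewall, which is the situation the allowlist variable is meant to avoid.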