Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable purge protection #1973

Merged
merged 56 commits into from
Jun 13, 2022
Merged

Enable purge protection #1973

merged 56 commits into from
Jun 13, 2022

Conversation

tanya-borisova
Copy link
Contributor

@tanya-borisova tanya-borisova commented Jun 6, 2022
edited
Loading

PR for issue #1830

What is being addressed

Enable purge protection for all keyvaults used (see the issue linked).

How is this addressed

  • Enable purge protection for all keyvaults
  • Set azurerm to not purge soft deleted objects on destroy (all of them)
  • Set azurerm to recover soft deleted secrets (which is set to true by default)
  • Remove all references to TF_VAR_keyvault_purge_protection_enabled

ross-p-smith and others added 30 commits May 12, 2022 13:01
@ross-p-smith
azurerm_app_service_plan to azurerm_service_plan
7b4725e
@tanya-borisova
wip: purge protection enabled
50b79c5
@tanya-borisova
Purge protection is enabled
37fa865
@tanya-borisova
remove purge protection variable from .env.sample
1c70c3e
@tanya-borisova
azurerm 3.x migration
ef32607
@ross-p-smith
Upgrade to 3.5.0
6236e78
@ross-p-smith
Missed some
35ba80d
@ross-p-smith
3.5.0
05c2131
@ross-p-smith
3.5.0
99a7e06
@ross-p-smith
gitea version
d40ffcf
@ross-p-smith
Upgraded lock files
1ff07e1
@ross-p-smith
Tcp
0e35f09
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
3f4bb6e
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
aaadeb1
@tanya-borisova
Fix azurerm provider for guacamole
8903e16
@tanya-borisova
Merge branch 'tborisova/1830-enable-purge-protection' of github.com:m…
3ef2057 
…icrosoft/AzureTRE into tborisova/1830-enable-purge-protection
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
ec829ff
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
b9b8ede
@ross-p-smith
Merge branch 'main' into tborisova/1830-enable-purge-protection
9677cb0
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
ae54f20
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
de0b95a
@tanya-borisova
Revert unnecessary changes
e654f56
@tanya-borisova
Merge remote-tracking branch 'origin/main' into tborisova/1830-enable…
3d2aaeb 
…-purge-protection
@tanya-borisova
Remove app_service_plan related changes
551abe3
@tanya-borisova
Steal Ross's changes to destroy access policies when destroying keyvault
a0c3ff1
@tanya-borisova
Disable all purging on delete
b0f1443
@tanya-borisova
fmt
2f35c4b
@tamirkamara
Merge branch 'main' into tborisova/1830-enable-purge-protection
e9d14d1
@tanya-borisova
Merge branch 'main' into tborisova/1830-enable-purge-protection
941377d
@tanya-borisova
fix build
5d1490b
@tanya-borisova
Copy link
Contributor Author

/test-destroy-env

@github-actions
Copy link

Destroying PR test environment (RG: rg-trec504da90)... (run: https://github.com/microsoft/AzureTRE/actions/runs/2474148698)

@github-actions
Copy link

Destroying branch test environment (RG: rg-trec33bca33)... (run: https://github.com/microsoft/AzureTRE/actions/runs/2474148698)

@github-actions
Copy link

Branch test environment destroy complete (RG: rg-trec33bca33)

@github-actions
Copy link

PR test environment destroy complete (RG: rg-trec504da90)

@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:55 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova tanya-borisova temporarily deployed to CICD June 10, 2022 13:58 Inactive
@tanya-borisova
Copy link
Contributor Author

/test-force-approve

I can't test the deletion and recreation of the environment in CI, because it uses destroy_env_no_terraform.sh from main branch and not from mine. I have tested this quite a lot on development TREs though so this should be okay.

@github-actions
Copy link

🤖 pr-bot 🤖

✅ Marking tests as complete (for commit 2b169cd)

(in response to this comment from @tanya-borisova)

@tanya-borisova tanya-borisova merged commit e8468bf into main Jun 13, 2022
@tanya-borisova tanya-borisova deleted the tborisova/1830-enable-purge-protection-2 branch June 13, 2022 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marrobi marrobi marrobi approved these changes

@ross-p-smith ross-p-smith Awaiting requested review from ross-p-smith

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enable purge protection
4 participants
@tanya-borisova @ross-p-smith @marrobi @tamirkamara