Block TRE access to Terraform/Hashicorp domains #2590

Merged
merged 5 commits into from
Sep 13, 2022


Collaborator

@tamirkamara tamirkamara commented Sep 13, 2022

Resolves #2445

What is being addressed

With all bundles implementing Terraform provider mirroring, it's time to start blocking TRE communication to Terraform/Hashicorp domains.

Migration

It's advised to upgrade your firewall to the new 0.5.0 version if all your deployed TRE resources are at (or above) the versions below.
If you have created and deployed custom templates that use Terraform, you need to make sure you mirror providers. Look at the dockerfile.tmpl of one of our templates for an example.

The method to do this upgrade is manual - upgrade the templateVersion of the tre-shared-service-firewall resource in Cosmos to 0.5.0.

| template name | version |
| --- | --- |
| tre-workspace-base | 0.3.28 |
| tre-workspace-unrestricted | 0.1.9 |
| tre-service-mlflow | 0.3.7 |
| tre-service-innereye | 0.3.5 |
| tre-workspace-service-gitea | 0.3.8 |
| tre-workspace-service-mysql | 0.1.2 |
| tre-service-guacamole-linuxvm | 0.4.13 |
| tre-service-guacamole-windowsvm | 0.4.8 |
| tre-service-guacamole | 0.4.5 |
| tre-user-resource-aml-compute-instance | 0.3.2 |
| tre-service-azureml | 0.4.8 |
| tre-shared-service-cyclecloud | 0.2.6 |
| tre-shared-service-gitea | 0.3.14 |
| tre-shared-service-airlock-notifier | 0.1.2 |
| tre-shared-service-certs | 0.1.3 |
| tre-shared-service-sonatype-nexus | 2.1.6 |
| tre-shared-service-firewall | 0.4.3 |
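
The migration condition above can be checked mechanically before the firewall template is moved to 0.5.0. This is an added example, not code from this pull request or from AzureTRE. The inventory shape (dicts with `templateName` and `templateVersion` keys), the helper names and the sample data are assumptions constructed for illustration; the minimum versions are copied from the table in the description.

```python
# Added example: readiness check before moving tre-shared-service-firewall to 0.5.0.
# Minimum versions are copied from the table in the PR description.
MIN_VERSIONS = {
    "tre-workspace-base": "0.3.28", "tre-workspace-unrestricted": "0.1.9",
    "tre-service-mlflow": "0.3.7", "tre-service-innereye": "0.3.5",
    "tre-workspace-service-gitea": "0.3.8", "tre-workspace-service-mysql": "0.1.2",
    "tre-service-guacamole-linuxvm": "0.4.13", "tre-service-guacamole-windowsvm": "0.4.8",
    "tre-service-guacamole": "0.4.5", "tre-user-resource-aml-compute-instance": "0.3.2",
    "tre-service-azureml": "0.4.8", "tre-shared-service-cyclecloud": "0.2.6",
    "tre-shared-service-gitea": "0.3.14", "tre-shared-service-airlock-notifier": "0.1.2",
    "tre-shared-service-certs": "0.1.3", "tre-shared-service-sonatype-nexus": "2.1.6",
    "tre-shared-service-firewall": "0.4.3",
}

def parse(version):
    """Numeric tuple, so 0.4.13 sorts above 0.4.8 (a string comparison would not)."""
    return tuple(int(part) for part in version.split("."))

def blockers(deployed):
    """Return the reasons the firewall upgrade should wait (empty list = ready).

    deployed: iterable of dicts with templateName / templateVersion keys
    (assumed shape of an exported list of deployed resources).
    """
    problems = []
    for resource in deployed:
        name, version = resource["templateName"], resource["templateVersion"]
        minimum = MIN_VERSIONS.get(name)
        if minimum is None:
            # Not in the table: a custom template that must mirror its providers.
            problems.append(f"{name} {version}: custom template, confirm it mirrors providers")
        elif parse(version) < parse(minimum):
            problems.append(f"{name} {version}: below {minimum}")
    return problems

# Constructed sample inventory, not real deployment data.
SAMPLE = [
    {"templateName": "tre-workspace-base", "templateVersion": "0.3.28"},
    {"templateName": "tre-service-guacamole-linuxvm", "templateVersion": "0.4.9"},
    {"templateName": "tre-service-guacamole-windowsvm", "templateVersion": "0.4.10"},
    {"templateName": "my-custom-workspace", "templateVersion": "1.0.0"},
    {"templateName": "tre-shared-service-firewall", "templateVersion": "0.4.3"},
]

if __name__ == "__main__":
    for line in blockers(SAMPLE) or ["no blockers: firewall can move to 0.5.0"]:
        print(line)
```

The two guacamole entries in the sample are the cases a plain string comparison gets wrong in both directions: 0.4.9 is below 0.4.13, and 0.4.10 is above 0.4.8.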

@github-actions

github-actions bot commented Sep 13, 2022

Unit Test Results

0 tests   - 3   0 ✔️  - 3   0s ⏱️ - 2h 19m 24s
0 suites  - 1   0 💤 ±0 
0 files    - 1   0 ±0 

Results for commit 84ee641. ± Comparison against base commit ed68d49.

♻️ This comment has been updated with latest results.

@tamirkamara
Collaborator Author

/test-extended

@github-actions

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/3042442645 (with refid adec62d6)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara marked this pull request as ready for review September 13, 2022 07:58
@tamirkamara
Collaborator Author

/test-extended

@github-actions

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/3043310345 (with refid adec62d6)

(in response to this comment from @tamirkamara)

Contributor

@eladiw eladiw left a comment

nice. lgtm

@tamirkamara
Collaborator Author

/test-extended

@tamirkamara tamirkamara enabled auto-merge (squash) September 13, 2022 18:43
@github-actions

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/3047555810 (with refid adec62d6)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara merged commit e6b62f4 into main Sep 13, 2022
@tamirkamara tamirkamara deleted the tamirkamara/2445-firewall-blocks-tf branch September 13, 2022 20:26
tanya-borisova added a commit to tanya-borisova/AzureTRE that referenced this pull request Oct 10, 2022
…)" to be

added back in a future release

This reverts commit e6b62f4.
tanya-borisova added a commit that referenced this pull request Oct 10, 2022
Revert "Block TRE access to Terraform/Hashicorp domains (#2590)" to be
added back in a future release
marrobi pushed a commit that referenced this pull request Oct 11, 2022
Revert "Block TRE access to Terraform/Hashicorp domains (#2590)" to be
added back in a future release
Development

Successfully merging this pull request may close these issues.

Remove Firewall rule allowing Terraform domains access