

OCPBUGS-45999: Always set cross_tenant_replication_enabled parameter …
…to False

** The new versions default to false for cross_tenant_replication_enabled. This change is required for security purposes.
** This security violation blocks using and scaling Clusters in Public cloud environments for the Banking and Financial industry, which need to comply with BAFIN and PCI-DSS regulations.
barbacbd committed Dec 16, 2024
1 parent dc63e8f commit 1a17076
Showing 2 changed files with 12 additions and 10 deletions.
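--- a/data/data/azure/bootstrap/main.tf
+++ b/data/data/azure/bootstrap/main.tf
@@ -18,8 +18,9 @@ provider "azurerm" {
 }
 
 data "azurerm_storage_account" "storage_account" {
-name = var.storage_account_name
-resource_group_name = var.resource_group_name
+name = var.storage_account_name
+resource_group_name = var.resource_group_name
+cross_tenant_replication_enabled = false
 }
 
 data "azurerm_storage_account_sas" "ignition" {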
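Review bot: `cross_tenant_replication_enabled = false` is added to a `data "azurerm_storage_account"` block, but a data source only takes the arguments needed to look the object up; this attribute is a property of the storage account resource, so on the data block it will most likely fail `terraform plan` as an unsupported argument or, if the provider exports it as a read-only attribute, be rejected as a configured computed value. As far as I can tell it cannot change the setting on an account that is looked up rather than created here, so the security effect described in the commit message comes only from the `resource "azurerm_storage_account" "cluster"` change in data/data/azure/vnet/main.tf. I would drop the line from this data block and enforce the setting where the bootstrap storage account is actually provisioned, leaving a pointer such as `# Looked up, not created here: cross-tenant replication must be disabled where this account is provisioned.` in its place.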
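--- a/data/data/azure/vnet/main.tf
+++ b/data/data/azure/vnet/main.tf
@@ -66,14 +66,15 @@ data "azurerm_user_assigned_identity" "keyvault_identity" {
 }
 
 resource "azurerm_storage_account" "cluster" {
-name = "cluster${var.random_storage_account_suffix}"
-resource_group_name = data.azurerm_resource_group.main.name
-location = var.azure_region
-account_tier = var.azure_keyvault_name != "" ? "Premium" : "Standard"
-account_replication_type = "LRS"
-min_tls_version = contains(local.environments_with_min_tls_version, var.azure_environment) ? "TLS1_2" : null
-allow_nested_items_to_be_public = var.azure_keyvault_name != "" ? true : false
-tags = var.azure_extra_tags
+name = "cluster${var.random_storage_account_suffix}"
+resource_group_name = data.azurerm_resource_group.main.name
+location = var.azure_region
+account_tier = var.azure_keyvault_name != "" ? "Premium" : "Standard"
+account_replication_type = "LRS"
+min_tls_version = contains(local.environments_with_min_tls_version, var.azure_environment) ? "TLS1_2" : null
+allow_nested_items_to_be_public = var.azure_keyvault_name != "" ? true : false
+tags = var.azure_extra_tags
+cross_tenant_replication_enabled = false
 
 dynamic "customer_managed_key" {
 for_each = var.azure_keyvault_name != "" ? [1] : []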
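Review bot: The new `cross_tenant_replication_enabled = false` line on the `cluster` storage account carries no rationale in the file, while the commit description explains it is a deliberate pin for compliance and that newer provider versions already default to false. A maintainer reading only the resource will not know the value must stay pinned, so I would add a why-comment above it: `# Pinned to false explicitly (OCPBUGS-45999): cross-tenant replication must stay disabled; newer azurerm versions default to false, older ones did not.`. It also looks like the `=` of the new line is not aligned with the attributes above it (the page rendering may simply have dropped that spacing), so a `terraform fmt` pass before merge would keep the block consistent.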
