Merge branch 'main' into tamirkamara/2023-update-tomcat-url

microsoft · Jun 9, 2022 · 17a9190 · 17a9190
2 parents 2a3a278 + 4f0c65f
commit 17a9190
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/templates/workspaces/base/terraform/airlock/eventgrid_topics.tf b/templates/workspaces/base/terraform/airlock/eventgrid_topics.tf
@@ -7,7 +7,7 @@ resource "azurerm_eventgrid_system_topic" "import_approved_blob_created" {
   topic_type             = "Microsoft.Storage.StorageAccounts"
 
   tags = {
-    Publishers = "airlock;accepted-import-sa"
+    Publishers = "airlock;approved-import-sa"
   }
 
   depends_on = [

diff --git a/templates/workspaces/base/terraform/airlock/storage_accounts.tf b/templates/workspaces/base/terraform/airlock/storage_accounts.tf
@@ -11,6 +11,11 @@ resource "azurerm_storage_account" "sa_import_approved" {
   # This is true ONLY when Hierarchical Namespace is DISABLED
   is_hns_enabled = false
 
+  network_rules {
+    default_action = var.enable_local_debugging ? "Allow" : "Deny"
+    bypass         = ["AzureServices"]
+  }
+
   tags = {
     description = "airlock;import;approved"
   }
@@ -58,6 +63,11 @@ resource "azurerm_storage_account" "sa_export_internal" {
   # This is true ONLY when Hierarchical Namespace is DISABLED
   is_hns_enabled = false
 
+  network_rules {
+    default_action = var.enable_local_debugging ? "Allow" : "Deny"
+    bypass         = ["AzureServices"]
+  }
+
   tags = {
     description = "airlock;export;internal"
   }
@@ -100,6 +110,11 @@ resource "azurerm_storage_account" "sa_export_inprogress" {
   # This is true ONLY when Hierarchical Namespace is DISABLED
   is_hns_enabled = false
 
+  network_rules {
+    default_action = var.enable_local_debugging ? "Allow" : "Deny"
+    bypass         = ["AzureServices"]
+  }
+
   tags = {
     description = "airlock;export;inprogress"
   }
@@ -142,6 +157,11 @@ resource "azurerm_storage_account" "sa_export_rejected" {
   # This is true ONLY when Hierarchical Namespace is DISABLED
   is_hns_enabled = false
 
+  network_rules {
+    default_action = var.enable_local_debugging ? "Allow" : "Deny"
+    bypass         = ["AzureServices"]
+  }
+
   tags = {
     description = "airlock;export;rejected"
   }

diff --git a/templates/workspaces/base/terraform/workspace.tf b/templates/workspaces/base/terraform/workspace.tf
@@ -41,7 +41,7 @@ module "airlock" {
   location               = var.location
   tre_id                 = var.tre_id
   ws_resource_group_name = azurerm_resource_group.ws.name
-  enable_local_debugging = true
+  enable_local_debugging = var.enable_local_debugging
   services_subnet_id     = module.network.services_subnet_id
   short_workspace_id     = local.short_workspace_id