Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove usage of storage account key in airlock processor #2382

Merged
merged 6 commits into from
Aug 2, 2022
Merged

Remove usage of storage account key in airlock processor #2382

merged 6 commits into from
Aug 2, 2022

Conversation

tamirkamara
Copy link
Collaborator

@tamirkamara tamirkamara commented Aug 1, 2022
edited
Loading

Resolves #2185

What is being addressed

The airlock processor uses storage account keys for its operations (like copy) which is less secure and complicate the code...

How is this addressed

  • Copy operations are now performed by using a SAS that is signed by a user delegated key rather than the account key
  • Create container is done with AD Auth (rather than connection string that includes the account key)
  • Align (and simplify) role assignments in Terraform

@github-actions
Copy link

github-actions bot commented Aug 1, 2022
edited
Loading

Unit Test Results

6 tests   6 ✔️  0s ⏱️
1 suites  0 💤
1 files    0

Results for commit 368d01f.

♻️ This comment has been updated with latest results.

@tamirkamara tamirkamara marked this pull request as ready for review August 1, 2022 10:51
@tamirkamara
Copy link
Collaborator Author

/test

@github-actions
Copy link

github-actions bot commented Aug 1, 2022

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/2774255799 (with refid cfd8a3c9)

(in response to this comment from @tamirkamara)

@tamirkamara
Copy link
Collaborator Author

/test

@github-actions
Copy link

github-actions bot commented Aug 1, 2022

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/2777258381 (with refid cfd8a3c9)

(in response to this comment from @tamirkamara)

LizaShak
LizaShak approved these changes Aug 2, 2022
View reviewed changes
Copy link
Collaborator

@LizaShak LizaShak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tamirkamara
Copy link
Collaborator Author

/test

@github-actions
Copy link

github-actions bot commented Aug 2, 2022

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/2782024460 (with refid cfd8a3c9)

(in response to this comment from @tamirkamara)

@tamirkamara tamirkamara merged commit d1b2ef4 into main Aug 2, 2022
@tamirkamara tamirkamara deleted the tamirkamara/2185-airlock-processor-user-delegation-key branch August 2, 2022 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LizaShak LizaShak LizaShak approved these changes

Assignees
No one assigned
Labels
airlock
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Airlock processor uses user delegated key to acquire SAS token
2 participants
@tamirkamara @LizaShak