From b17f7dd4344f705fc3bc0c8a5a183690dc8b7349 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 2 Feb 2022 18:02:56 +0100 Subject: [PATCH 1/3] Updated Key Vault --- infra/main.json | 70 +++++---------------------- infra/modules/services/keyvault.bicep | 3 +- 2 files changed, 15 insertions(+), 58 deletions(-) diff --git a/infra/main.json b/infra/main.json index f71298f..3fbd67d 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "6542674684264803931" + "templateHash": "1511805043645479529" } }, "parameters": { @@ -448,7 +448,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "16882101118127557101" + "templateHash": "13883560175464909401" } }, "parameters": { 
@@ -732,53 +732,6 @@ ] } }, - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-11-01", - "name": "[format('{0}-adfssis-nsg', parameters('prefix'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "securityRules": [ - { - "name": "AllowBatchNodeManagement", - "properties": { - "description": "Required for Azure SSIS with public IP.", - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "29876-29877", - "sourceAddressPrefix": "BatchNodeManagement", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 110, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowAzureCloud", - "properties": { - "description": "Required for Azure SSIS workers to access Azure services, such as Azure Storage and Azure Event Hubs.", - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "443", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "AzureCloud", - "access": "Allow", - "priority": 120, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ] - } - }, { "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2020-06-01", @@ -1178,7 +1131,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "18313384142239512916" + "templateHash": "15321614578444699909" } }, "parameters": { @@ -1237,7 +1190,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "7953887992371664532" + "templateHash": "12505067730214864691" } }, "parameters": { 
@@ -1264,7 +1217,7 @@ "resources": [ { "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-04-01-preview", + "apiVersion": "2021-06-01-preview", "name": "[parameters('keyvaultName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -1283,6 +1236,7 @@ "ipRules": [], "virtualNetworkRules": [] }, + "publicNetworkAccess": "Disabled", "sku": { "family": "A", "name": "standard" @@ -4292,7 +4246,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "7539544899333460771" + "templateHash": "6475176560452078151" } }, "parameters": { @@ -4433,7 +4387,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "7953887992371664532" + "templateHash": "12505067730214864691" } }, "parameters": { @@ -4460,7 +4414,7 @@ "resources": [ { "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-04-01-preview", + "apiVersion": "2021-06-01-preview", "name": "[parameters('keyvaultName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -4479,6 +4433,7 @@ "ipRules": [], "virtualNetworkRules": [] }, + "publicNetworkAccess": "Disabled", "sku": { "family": "A", "name": "standard" @@ -4581,7 +4536,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "7953887992371664532" + "templateHash": "12505067730214864691" } }, "parameters": { @@ -4608,7 +4563,7 @@ "resources": [ { "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-04-01-preview", + "apiVersion": "2021-06-01-preview", "name": "[parameters('keyvaultName')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -4627,6 +4582,7 @@ "ipRules": [], "virtualNetworkRules": [] }, + "publicNetworkAccess": "Disabled", "sku": { "family": "A", "name": "standard" diff --git a/infra/modules/services/keyvault.bicep b/infra/modules/services/keyvault.bicep index f3694e1..00fca41 100644 --- a/infra/modules/services/keyvault.bicep +++ b/infra/modules/services/keyvault.bicep 
@@ -15,7 +15,7 @@ param privateDnsZoneIdKeyVault string = '' var keyVaultPrivateEndpointName = '${keyVault.name}-private-endpoint' // Resources -resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = { +resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' = { name: keyvaultName location: location tags: tags @@ -34,6 +34,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2021-04-01-preview' = { ipRules: [] virtualNetworkRules: [] } + publicNetworkAccess: 'Disabled' sku: { family: 'A' name: 'standard' From 222d2941b95a0c3c2c4cdc5084e29f99b123aedd Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 2 Feb 2022 18:04:20 +0100 Subject: [PATCH 2/3] updated linting --- .github/linters/.arm-ttk.psd1 | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/linters/.arm-ttk.psd1 b/.github/linters/.arm-ttk.psd1 index c2388e1..cc0c426 100644 --- a/.github/linters/.arm-ttk.psd1 +++ b/.github/linters/.arm-ttk.psd1 @@ -12,5 +12,6 @@ 'apiVersions Should Be Recent' 'Parameters Must Be Referenced' 'Variables Must Be Referenced' + 'apiVersions Should Be Recent In Reference Functions' ) } From 3284e46988b889a9c44a0bf823619f60aed190ae Mon Sep 17 00:00:00 2001 From: Marvin Buss <34542414+marvinbuss@users.noreply.github.com> Date: Wed, 2 Feb 2022 18:12:41 +0100 Subject: [PATCH 3/3] Update .arm-ttk.psd1 --- .github/linters/.arm-ttk.psd1 | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/linters/.arm-ttk.psd1 b/.github/linters/.arm-ttk.psd1 index cc0c426..dd2905d 100644 --- a/.github/linters/.arm-ttk.psd1 +++ b/.github/linters/.arm-ttk.psd1 @@ -13,5 +13,6 @@ 'Parameters Must Be Referenced' 'Variables Must Be Referenced' 'apiVersions Should Be Recent In Reference Functions' + 'URIs Should Be Properly Constructed' ) }
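Review bot: The new `publicNetworkAccess: 'Disabled'` sits directly under a `networkAcls` block with empty `ipRules` and `virtualNetworkRules`, and nothing here records that this property takes precedence over those firewall rules. Once it is set, the vault accepts traffic only through its private endpoint (plus trusted services, if the bypass setting outside this hunk permits them), so a pipeline or operator working from outside the virtual network will be refused. The `''` default of `privateDnsZoneIdKeyVault` also suggests name resolution for that endpoint may not always be wired up. I would add a comment above the property, `// Private-endpoint only: networkAcls ip/vnet rules are not honoured while public access is 'Disabled'`, and confirm that whatever seeds secrets runs inside the network. The `keyVault` resource body starts and ends outside the hunk.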
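Review bot: `'apiVersions Should Be Recent In Reference Functions'` is added to this list with no comment saying why, and the later patch in this series adds `'URIs Should Be Properly Constructed'` the same way. The key that owns the array is outside the hunk; if it is the skip list, as the neighbouring entries suggest, both checks are now off for every template the linter scans, not only the generated `infra/main.json`. I would put a reason next to each entry, for example `# skipped: <reason or issue link>`, so the exclusions can be lifted once the finding behind them is fixed.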