Remove FW on KV and StorageAccounts (Done in Terraform) (#1345)

Co-authored-by: Automatic Update <radix@statoilsrm.onmicrosoft.com>
equinor · May 21, 2024 · b17bb3f · b17bb3f
1 parent 7986eab
commit b17bb3f
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 101 deletions.
diff --git a/scripts/install_base_components.sh b/scripts/install_base_components.sh
@@ -198,20 +198,6 @@ if [[ $USER_PROMPT == true ]]; then
     echo ""
 fi
 
-#######################################################################################
-### Add IP rule to Keyvault
-###
-
-printf "initializing...\n"
-printf "Getting public ip... "
-myip=$(curl http://ifconfig.me/ip 2> /dev/null) ||
-{ echo "ERROR: Failed to get IP address." >&2; exit 1; }
-printf "Done.\n"
-
-printf "Adding %s to %s firewall... " $myip $AZ_RESOURCE_KEYVAULT
-az keyvault network-rule add --name "${AZ_RESOURCE_KEYVAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
-
 #######################################################################################
 ### Connect kubectl
 ###
@@ -306,9 +292,9 @@ echo ""
 ### Install grafana
 ###
 
-printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/scripts/grafana/bootstrap.sh" "${normal}"
-(USER_PROMPT="$USER_PROMPT" ./grafana/bootstrap.sh)
-wait
+# printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/scripts/grafana/bootstrap.sh" "${normal}"
+# (USER_PROMPT="$USER_PROMPT" ./grafana/bootstrap.sh)
+# wait
 
 
 #######################################################################################
@@ -397,14 +383,6 @@ printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/scripts/flux/bootstrap.sh"
     ./flux/bootstrap.sh)
 wait
 
-#######################################################################################
-### Remove IP rule from Keyvault
-###
-
-printf "Remove %s to %s firewall... " $myip $AZ_RESOURCE_KEYVAULT
-az keyvault network-rule remove --name "${AZ_RESOURCE_KEYVAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
-
 #######################################################################################
 ### END
 ###

diff --git a/scripts/migrate.sh b/scripts/migrate.sh
@@ -290,20 +290,6 @@ if [[ "$?" != "0" ]]; then
 fi
 printf "Done.\n"
 
-#######################################################################################
-### Add IP rule to Keyvault
-###
-
-printf "initializing...\n"
-printf "Getting public ip... "
-myip=$(curl http://ifconfig.me/ip 2> /dev/null) ||
-{ echo "ERROR: Failed to get IP address." >&2; exit 1; }
-printf "Done.\n"
-
-printf "Adding %s to %s firewall... " $myip $AZ_RESOURCE_KEYVAULT
-az keyvault network-rule add --name "${AZ_RESOURCE_KEYVAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
-
 #######################################################################################
 ### Check the migration strategy
 ###
@@ -774,14 +760,6 @@ if [[ $update_redis_cache == true ]]; then
     printf "Done...\n"
 fi
 
-#######################################################################################
-### Remove IP rule from Keyvault
-###
-
-printf "Remove %s to %s firewall... " $myip $AZ_RESOURCE_KEYVAULT
-az keyvault network-rule remove --name "${AZ_RESOURCE_KEYVAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
-
 # Move custom ingresses
 # if [[ $MIGRATION_STRATEGY == "aa" ]]; then
 #     CUSTOM_INGRESSES=true

diff --git a/scripts/rotate-secrets/rotate-secrets.sh b/scripts/rotate-secrets/rotate-secrets.sh
@@ -95,16 +95,6 @@ user_prompt_continue || exit 1
 ### Start
 ###
 
-printf "initializing...\n"
-printf "Getting public ip... "
-myip=$(curl http://ifconfig.me/ip 2> /dev/null) ||
-{ echo "ERROR: Failed to get IP address." >&2; exit 1; }
-printf "Done.\n"
-
-printf "Adding %s to %s firewall... " $myip $KEY_VAULT
-az keyvault network-rule add --name "${KEY_VAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
-
 keyvault_list_secrets "${KEY_VAULT}" "31"
 printf "%s► Running scripts... %s%s\n" "${grn}" "$script" "${normal}"
 
@@ -126,6 +116,3 @@ done
 keyvault_list_secrets "${KEY_VAULT}" "31"
 
 printf "\n%s► Cleaning up... %s\n" "${grn}" "${normal}"
-printf "Removing %s to %s firewall... " $myip $KEY_VAULT
-az keyvault network-rule add --name "${KEY_VAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
diff --git a/scripts/update_auth_proxy_secret_for_console.sh b/scripts/update_auth_proxy_secret_for_console.sh
@@ -75,19 +75,6 @@ printf "Done.\n"
 verify_cluster_access
 
 #######################################################################################
-### Add IP rule to Keyvault
-###
-
-printf "initializing...\n"
-printf "Getting public ip... "
-myip=$(curl http://ifconfig.me/ip 2> /dev/null) ||
-{ echo "ERROR: Failed to get IP address." >&2; exit 1; }
-printf "Done.\n"
-
-printf "Adding %s to %s firewall... " $myip $AZ_RESOURCE_KEYVAULT
-az keyvault network-rule add --name "${AZ_RESOURCE_KEYVAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
-#######################################################################################
 
 
 function updateAuthProxySecret() {
@@ -149,7 +136,3 @@ function updateWebSecret() {
 ### MAIN
 updateAuthProxySecret
 updateWebSecret
-
-printf "Remove %s to %s firewall... " $myip $AZ_RESOURCE_KEYVAULT
-az keyvault network-rule remove --name "${AZ_RESOURCE_KEYVAULT}" --ip-address  "$myip" --only-show-errors > /dev/null
-printf "Done.\n"
diff --git a/scripts/velero/install_prerequisites_in_cluster.sh b/scripts/velero/install_prerequisites_in_cluster.sh
@@ -199,25 +199,6 @@ esac
 printf "...Done"
 
 
-MYIP=$(curl http://ifconfig.me/ip) ||
-  {
-    echo "ERROR: Failed to get IP address." >&2
-    return 1
-  }
-
-az storage account network-rule add \
-  --account-name "$AZ_VELERO_STORAGE_ACCOUNT_ID" \
-  --ip-address "${MYIP}" \
-  --output none \
-  --only-show-errors
-
-printf "Wait for network-rule to apply..."
-while [[ "$(az storage container list --account-name "$AZ_VELERO_STORAGE_ACCOUNT_ID" --auth-mode login 2>&1 >/dev/null)" == *"ERROR"* ]]; do
-  printf "."
-  sleep 5
-done
-printf "Done."
-
 # Create the cluster specific blob container
 printf "\nWorking on storage container..."
 az storage container create -n "$CLUSTER_NAME" \
@@ -227,11 +208,6 @@ az storage container create -n "$CLUSTER_NAME" \
   2>&1 >/dev/null
 printf "...Done"
 
-az storage account network-rule remove \
-  --account-name "$AZ_VELERO_STORAGE_ACCOUNT_ID" \
-  --ip-address "${MYIP}" \
-  --output none \
-  --only-show-errors
 
 # Create configMap that will hold the cluster specific values that Flux will later use when it manages the deployment of Velero
 printf "Working on configmap for flux..."