diff --git a/.github/workflows/batch_pipeline.yaml b/.github/workflows/batch_pipeline.yaml
index 95e00ea..860a57a 100644
--- a/.github/workflows/batch_pipeline.yaml
+++ b/.github/workflows/batch_pipeline.yaml
@@ -68,6 +68,7 @@ jobs:
 \"filePattern\": \"*.log\",
 \"destination\": {
 \"container\": {
+ \"containerUrl\": \"\${{ secrets.AZURE_STORAGE_CONTAINER_URL }}\",
 \"path\": \"logs\"
 }
 },
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index 8c8eced..ddb8b3e 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -221,11 +221,11 @@ resource "github_actions_secret" "use2_main_swa_api_key" {
 # Key Vault
 resource "azurerm_subnet" "use2_kv_subnet" {
- name = "${var.app_name}-${var.location_short}-${var.environment_name}-kv-subnet"
- resource_group_name = azurerm_resource_group.use2_main_rg.name
- virtual_network_name = azurerm_virtual_network.use2_main_vnet.name
- address_prefixes = ["10.0.10.0/24"]
- service_endpoints = ["Microsoft.KeyVault", ]
+ name = "${var.app_name}-${var.location_short}-${var.environment_name}-kv-subnet"
+ resource_group_name = azurerm_resource_group.use2_main_rg.name
+ virtual_network_name = azurerm_virtual_network.use2_main_vnet.name
+ address_prefixes = ["10.0.10.0/24"]
+ service_endpoints = ["Microsoft.KeyVault", ]
 }
 resource "azurerm_network_security_group" "use2_kv_nsg" {
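Review bot: In .github/workflows/batch_pipeline.yaml the `container` destination now has a `containerUrl` and a `path` but, as far as the hunk shows, no `identityReference`, while the URL this commit publishes from infrastructure/main.tf is a bare container URL without a SAS token. Azure Batch needs one or the other to authorize the output-file upload, so the log upload will presumably be rejected unless a managed identity assigned to the pool is named here; adding `\"identityReference\": { \"resourceId\": \"<user-assigned-identity-resource-id>\" }` next to `containerUrl` keeps the URL credential-free. It is also worth confirming how `\${{` is evaluated: Actions substitutes the expression before the script runs, so if this JSON sits in a double-quoted shell string the backslash may be left in front of the URL. The enclosing JSON document starts and ends outside the hunk.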
@@ -321,11 +321,11 @@ resource "azurerm_user_assigned_identity" "use2_main_sb_identity" {
 # Storage Account
 resource "azurerm_subnet" "use2_sa_subnet" {
- name = "${var.app_name}-${var.location_short}-${var.environment_name}-sa-subnet"
- resource_group_name = azurerm_resource_group.use2_main_rg.name
- virtual_network_name = azurerm_virtual_network.use2_main_vnet.name
- address_prefixes = ["10.0.20.0/24"]
- service_endpoints = ["Microsoft.Storage", ]
+ name = "${var.app_name}-${var.location_short}-${var.environment_name}-sa-subnet"
+ resource_group_name = azurerm_resource_group.use2_main_rg.name
+ virtual_network_name = azurerm_virtual_network.use2_main_vnet.name
+ address_prefixes = ["10.0.20.0/24"]
+ service_endpoints = ["Microsoft.Storage", ]
 }
 resource "azurerm_network_security_group" "use2_sa_nsg" {
@@ -492,6 +492,14 @@ resource "azurerm_private_endpoint" "use2_main_sa_pe" {
 }
 }
+resource "github_actions_secret" "use2_main_sa_account_container_url" {
+ #checkov:skip=CKV_GIT_4:Not sending sensitive data to the repository, encriptions not needed
+ for_each = toset(var.batch_repositories)
+ repository = each.value
+ secret_name = "AZURE_STORAGE_CONTAINER_URL"
+ plaintext_value = "https://${azurerm_storage_account.use2_main_sa.name}.blob.core.windows.net/${azurerm_storage_container.use2_main_batch_container.name}"
+}
+
 ############################################################################################################################
 # Batch
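Review bot: The `#checkov:skip=CKV_GIT_4` justification on `use2_main_sa_account_container_url` (the hunk at line 492 of infrastructure/main.tf) holds only while `plaintext_value` stays a bare container URL; that value is also written to Terraform state in clear text, so a SAS token or key appended later would be exposed with the check already silenced. I would state that condition in the comment and fix the typo at the same time: `#checkov:skip=CKV_GIT_4:Bare container URL, no SAS token or key; remove this skip if a credential is ever added`. As a style point, the host part could come from `azurerm_storage_account.use2_main_sa.primary_blob_endpoint` rather than a hard-coded `blob.core.windows.net`, which keeps the URL correct if the account ever lives behind a different endpoint suffix.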
@@ -528,11 +536,11 @@ resource "azurerm_role_assignment" "use2_main_batch_acr_role" {
 }
 resource "azurerm_subnet" "use2_bp_subnet" {
- name = "${var.app_name}-${var.location_short}-${var.environment_name}-bp-subnet"
- resource_group_name = azurerm_resource_group.use2_main_rg.name
- virtual_network_name = azurerm_virtual_network.use2_main_vnet.name
- address_prefixes = ["10.0.30.0/24"]
- service_endpoints = ["Microsoft.Storage"]
+ name = "${var.app_name}-${var.location_short}-${var.environment_name}-bp-subnet"
+ resource_group_name = azurerm_resource_group.use2_main_rg.name
+ virtual_network_name = azurerm_virtual_network.use2_main_vnet.name
+ address_prefixes = ["10.0.30.0/24"]
+ service_endpoints = ["Microsoft.Storage"]
 }
 resource "azurerm_network_security_group" "use2_bp_nsg" {