Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable storage account cross tenant replication #4116

Open
wants to merge 15 commits into
base: main
Choose a base branch
from

Conversation

jonnyry
Copy link
Contributor

@jonnyry jonnyry commented Oct 31, 2024

What is being addressed

Disable storage account cross tenant replication.

The Azure TRE does not use cross tenant replication and it the feature is typically flagged in security posture guidance to disable if not being used, e.g. https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/StorageAccounts/disable-cross-tenant-replication.html

@github-actions github-actions bot added the external PR from an external contributor label Oct 31, 2024
Copy link

github-actions bot commented Nov 4, 2024

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit c632c09.

♻️ This comment has been updated with latest results.

@jonnyry
Copy link
Contributor Author

jonnyry commented Nov 4, 2024

Not sure why tflint is failing now for my change. I have changed this file (by adding cross_tenant_replication_enabled = false) but not changed the tags.

Happy to fix the tag issue if necessary? Presume it just needs the tre_id wiring through as a TF variable.

2024-11-04 08:54:14 [INFO]   File:[/github/workspace/devops/terraform/main.tf]
2024-11-04 08:54:14 [ERROR]   Found errors in [tflint] linter!
2024-11-04 08:54:14 [ERROR]   Error code: 2. Command output:
------
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
4 issue(s) found:

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 10:
  10:   tags = {
  11:     project = "Azure Trusted Research Environment"
  12:     source  = "https://github.com/microsoft/AzureTRE/"
  13:   }

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 19:
  19: resource "azurerm_storage_account" "state_storage" {

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 33:
  33: resource "azurerm_container_registry" "shared_acr" {

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 45:
  45: resource "azurerm_container_registry_task" "tredev_purge" {

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

@jonnyry
Copy link
Contributor Author

jonnyry commented Nov 4, 2024

Ah this would be the reason...

        uses: github/super-linter/[email protected]
        env:
          VALIDATE_ALL_CODEBASE: false

...didn't realise the linter only processed files changed.

@jonnyry
Copy link
Contributor Author

jonnyry commented Nov 5, 2024

Not fixing the linting issue above as per:

#4117

Copy link
Collaborator

@tim-allen-ck tim-allen-ck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
external PR from an external contributor
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants