NetworkRule

avatar
unknown
plain_text
2 years ago
2.9 kB
6
Indexable
- stage: IpRuleToStgNwAc
  jobs:
    - job: IpRuleJob
      steps:
        - task: AzureCLI@2
          displayName: 'Azure CLI Add IP for AZDO Agent into the Storage Account network rules'
          inputs:
            azureSubscription: 'yourconnectionname' #  Azure DevOps Azure Resource Manager Service Connection 
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              write-host ' What is the local time? '
              get-date | out-string
              write-host ' What is the local timezone? '
              get-timezone | out-string
              write-host ' What location is this Microsoft Azure DevOps Agent machine running in? '
              Invoke-RestMethod http://ipinfo.io/json | out-string
              $ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
              $cidrip = $ip. Substring(0, $ip. LastIndexOf(".")) + ".0/24"
              write-host ' Add the IP address' $ip 'into the firewall rules... '
              az storage account network-rule add --resource-group $(bkstrgrg) --account-name $(bkstrg) --ip-address $ip
              write-host ' Sleeping now for 30 seconds to allow firewall rule population... *'
              sleep 30
              write-host ' Check to see if the IP address' $ip 'is in the Firewall Rules for the Storage Account before access attempt... '
              az storage account network-rule list --resource-group $(bkstrgrg) --account-name $(bkstrg)
        - task: AzureCLI@2
          displayName: 'Azure CLI Check Access to the Storage Account'
          inputs:
            azureSubscription: 'yourconnectionname' # Azure DevOps Azure Resource Manager Service Connection 
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              write-host ''
              write-host ' Attempting to access containers - did it work? '
              write-host ''              
              az storage blob list --container-name $(bkcontainer) --account-name $(bkstrg) --query [].name
        - task: AzureCLI@2
          displayName: 'Azure CLI Tidy Up and remove IP from Storage Account network rules'
          inputs:
            azureSubscription: 'yourconnectionname' #CHANGE Azure Resource Manager Service Connection 
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              Invoke-RestMethod http://ipinfo.io/json | out-string
              $ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
              write-host ' Removing the IP address' $ip 'from the firewall rules to tidy up '
              az storage account network-rule remove --resource-group $(bkstrgrg) --account-name $(bkstrg) --ip-address $ip
          condition: always()
Editor is loading...
Leave a Comment