azstg

- stage: ManageStorageAccountIP
  jobs:
  - job: AddIPToStorageAccount
    steps:
      - task: AzureCLI@2
        displayName: 'Add AZDO Agent IP to Storage Account Network Rules'
        inputs:
          azureSubscription: 'Workflow-DevTest'
          scriptType: pscore
          scriptLocation: inlineScript
          inlineScript: |
            $ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
            $cidrip = $ip.Substring(0, $ip.LastIndexOf(".")) + ".0/24"
            az storage account network-rule add --resource-group $(bkstrgrg) --account-name $(bkstrg) --ip-address $cidrip
      - task: AzureCLI@2
        displayName: 'Azure CLI Check Access to the Storage Account'
        inputs:
            azureSubscription: 'yourconnectionname' # Azure DevOps Azure Resource Manager Service Connection 
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              write-host ''
              write-host ' Attempting to access containers - did it work? '
              write-host ''              
              az storage blob list --container-name $(bkcontainer) --account-name $(bkstrg) --query [].name
      - task: AzureCLI@2
        displayName: 'Azure CLI Tidy Up and remove IP from Storage Account network rules'
        inputs:
            azureSubscription: 'yourconnectionname' #CHANGE Azure Resource Manager Service Connection 
            scriptType: pscore
            scriptLocation: inlineScript
            inlineScript: |
              Invoke-RestMethod http://ipinfo.io/json | out-string
              $ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
              write-host ' Removing the IP address' $ip 'from the firewall rules to tidy up '
              az storage account network-rule remove --resource-group $(bkstrgrg) --account-name $(bkstrg) --ip-address $ip
        condition: always()