Merge pull request #39388 from codyhoag/azure-upi-security-fix

BZ#2030348 Fix Azure UPI storage creation to remove security risk

Author: codyhoag

modules/installation-azure-user-infra-uploading-rhcos.adoc

@@ -115,7 +115,7 @@ endif::ash[]
 +
 [source,terminal]
 ----
-$ az storage container create --name files --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} --public-access blob
+$ az storage container create --name files --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY}
 ----
 +
 [source,terminal]

modules/installation-creating-azure-bootstrap.adoc

@@ -41,11 +41,20 @@ support with your installation logs.
 this topic and save it as `04_bootstrap.json` in your cluster's installation directory. This template
 describes the bootstrap machine that your cluster requires.
 
-. Export the following variables required by the bootstrap machine deployment:
+. Export the bootstrap ignition variable:
++
+[source,terminal]
+----
+$ bootstrap_url_expiry=`date -u -d "10 hours" '+%Y-%m-%dT%H:%MZ'`
+----
++
+[source,terminal]
+----
+$ export BOOTSTRAP_URL=`az storage blob generate-sas -c 'files' -n 'bootstrap.ign' --https-only --full-uri --permissions r --expiry $bootstrap_url_expiry --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} -o tsv`
+----
 +
 [source,terminal]
 ----
-$ export BOOTSTRAP_URL=`az storage blob url --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} -c "files" -n "bootstrap.ign" -o tsv`
 $ export BOOTSTRAP_IGNITION=`jq -rcnM --arg v "3.2.0" --arg url ${BOOTSTRAP_URL} '{ignition:{version:$v,config:{replace:{source:$url}}}}' | base64 | tr -d '\n'`
 ----