
Commit 250b8ae

committed
Set PublicAccess to None when creating Blob Containers with CMK
1 parent 8639071 commit 250b8ae


2 files changed

+12
-2
lines changed


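--- a/pkg/infrastructure/azure/azure.go
+++ b/pkg/infrastructure/azure/azure.go
@@ -344,11 +344,16 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 logrus.Debugf("StorageAccount.ID=%s", *storageAccount.ID)
 
 // Create blob storage container
+publicAccess := armstorage.PublicAccessContainer
+if platform.CustomerManagedKey != nil {
+publicAccess = armstorage.PublicAccessNone
+}
 createBlobContainerOutput, err := CreateBlobContainer(ctx, &CreateBlobContainerInput{
 SubscriptionID: subscriptionID,
 ResourceGroupName: resourceGroupName,
 StorageAccountName: storageAccountName,
 ContainerName: containerName,
+PublicAccess: to.Ptr(publicAccess),
 StorageClientFactory: storageClientFactory,
 })
 if err != nil {
@@ -743,13 +748,17 @@ func (p Provider) Ignition(ctx context.Context, in clusterapi.IgnitionInput) ([]
 ignitionContainerName := "ignition"
 blobName := "bootstrap.ign"
 blobURL := fmt.Sprintf("%s/%s/%s", p.StorageURL, ignitionContainerName, blobName)
-
+publicAccess := armstorage.PublicAccessContainer
+if in.InstallConfig.Config.Azure.CustomerManagedKey != nil {
+publicAccess = armstorage.PublicAccessNone
+}
 // Create ignition blob storage container
 createBlobContainerOutput, err := CreateBlobContainer(ctx, &CreateBlobContainerInput{
 ContainerName: ignitionContainerName,
 SubscriptionID: subscriptionID,
 ResourceGroupName: p.ResourceGroupName,
 StorageAccountName: p.StorageAccountName,
+PublicAccess: to.Ptr(publicAccess),
 StorageClientFactory: p.StorageClientFactory,
 })
 if err != nil {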
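Review bot: In the Ignition hunk the container that will hold `bootstrap.ign` still defaults to `armstorage.PublicAccessContainer` whenever `CustomerManagedKey` is nil, so in the common non-CMK install the bootstrap ignition blob remains anonymously readable at `blobURL`; bootstrap ignition payloads are usually sensitive, and whether a customer-managed key is configured is a key-management choice, not a reason to grant or withhold anonymous read. Unless something outside this hunk relies on unauthenticated fetches of that URL, the safer default is `publicAccess := armstorage.PublicAccessNone` in both hunks with the consumer of `blobURL` authenticating (SAS or identity); if anonymous read is genuinely required, a comment stating why, e.g. `// Bootstrap VM fetches this blob without credentials; anonymous read is intentional`, should sit above the selection so the next reader does not treat it as an oversight. Note also that `PublicAccessContainer` requires the storage account to permit public blob access; if that account setting is off (configured outside this hunk), container creation fails rather than silently falling back — worth a quick check. The same four-line selection is duplicated in both functions and could be a small helper such as `func blobPublicAccess(cmk *azure.CustomerManagedKey) armstorage.PublicAccess`. Both InfraReady and Ignition continue outside the hunk.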

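--- a/pkg/infrastructure/azure/storage.go
+++ b/pkg/infrastructure/azure/storage.go
@@ -179,6 +179,7 @@ type CreateBlobContainerInput struct {
 ResourceGroupName string
 StorageAccountName string
 ContainerName string
+PublicAccess *armstorage.PublicAccess
 StorageClientFactory *armstorage.ClientFactory
 }
 
@@ -200,7 +201,7 @@ func CreateBlobContainer(ctx context.Context, in *CreateBlobContainerInput) (*Cr
 in.ContainerName,
 armstorage.BlobContainer{
 ContainerProperties: &armstorage.ContainerProperties{
-PublicAccess: to.Ptr(armstorage.PublicAccessContainer),
+PublicAccess: in.PublicAccess,
 },
 },
 nil,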
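Review bot: The new `PublicAccess` field is a pointer with no documentation, so any caller of CreateBlobContainer that does not set it now sends the property unset instead of the previous `PublicAccessContainer`, and the resulting access level is whatever the service applies for an omitted property rather than anything this code chooses. That is a silent behavior change for callers not shown here, and the struct gives no hint which value is the safe one. A doc comment on the field should pin this down, e.g. `// PublicAccess sets the container's anonymous access level. nil omits the property and leaves the service default; callers holding sensitive data should pass armstorage.PublicAccessNone explicitly.` Alternatively CreateBlobContainer could substitute `to.Ptr(armstorage.PublicAccessNone)` when `in.PublicAccess == nil` so the private setting is the fallback rather than an unspecified one. The surrounding function body continues outside the hunk.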
