[DEVOPS-282] Set access restrictions on Container app ingress (#65)

<details open> <summary><a href="https://amuniversal.atlassian.net/browse/DEVOPS-282" title="DEVOPS-282" target="_blank">DEVOPS-282</a></summary> <br /> <table> <tr> <th>Summary</th> <td>Add network access restrictions to ephemeral deployments workflow</td> </tr> <tr> <th>Type</th> <td> <img alt="Story" src="https://amuniversal.atlassian.net/images/icons/issuetypes/story.png" /> Story </td> </tr> <tr> <th>Status</th> <td>To Do</td> </tr> <tr> <th>Points</th> <td>N/A</td> </tr> <tr> <th>Labels</th> <td>-</td> </tr> </table> </details>  ---  ## Description - Set access restrictions on Container app ingress. - Added `ingressWhitelist` input to ephemeral deployments workflow. ## Related Issues  - Jira Issue: DEVOPS-282
Andrews-McMeel-Universal · Oct 12, 2023 · a25e697 · a25e697
1 parent 06527c0
commit a25e697
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
@@ -36,6 +36,11 @@ on:
         type: string
         description: "Location of resources in Azure"
         default: "centralus"
+      ingressWhitelist:
+        required: false
+        type: string
+        description: "IP address that will be allowed to access the ephemeral deployment"
+        default: "207.67.20.252/32"
     secrets:
       azureCredentials:
         required: true
@@ -182,6 +187,10 @@ jobs:
           ingress: external
           disableTelemetry: true
 
+      - name: Add access restrictions to Container App ingress
+        run: |
+          az containerapp ingress access-restriction set --action Allow --ip-address "${{ inputs.ingressWhitelist }}" --rule-name allow-range --name "${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}" --resource-group "${{ inputs.clusterResourceGroup }}"
+
       - name: Get Container App Hostname
         id: hostname
         run: |