Change allowed FQDN for ADConnect endpoints #1505
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
craddm
requested review from
martintoreilly,
jemrobinson and
JimMadge
as code owners
jemrobinson
reviewed
Jul 21, 2023
| @@ -81,7 +81,8 @@ Add-LogMessage -Level Info "Looking for SRD with IP address '$vmIpAddress'..." | |||
| if (-not $vmIpAddress) { | |||
| Add-LogMessage -Level Fatal "No SRD found with IP address '$vmIpAddress'. Cannot run test to confirm external DNS resolution." | |||
| } else { | |||
| $vmName = @(Get-AzNetworkInterface | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0] | |||
| # Match on both IP address and resource group | |||
| $vmName = @(Get-AzNetworkInterface | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress -and $_.ResourceGroupName -eq $config.sre.srd.rg } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0] | |||
There was a problem hiding this comment.
There's a -ResourceGroupName argument to Get-AzNetworkInterface to simplify the logic if you'd like.
craddm
changed the title
jemrobinson
merged commit d246c31
into
alan-turing-institute:develop
9 of 10 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
✅ Checklist
Enable foobar integrationrather than515 foobar).develop.'[WIP]'to the title if needed (if you're not yet ready to merge)../tests/AutoFormat_Powershell.ps1 -TargetPath <path to file or directory>for Powershell).Changes the FQDN that represents ADConnect endpoints used in a remote Powershell script. Previously, many individual endpoints were listed in the SHM firewall rules, which were captured by
g*.servicebus.windows.net. The pattern needed to be changed.In addition, when running the remote test scripts for external DNS queries, the script now only retrieves VM names from the appropriate resource group in the SHM/SRE, rather than finding any VM in the whole subscription with a matching IP address.
🌂 Related issues
Closes #1503
Closes #1507
🔬 Tests
Tested on existing and new deployments of SREs