
Commit 76f0505

authored
chore: use azure storage static web serving rather than public access (#1359)
Signed-off-by: Anish Ramasekar <[email protected]>
1 parent 055352a commit 76f0505


1 file changed

+10
-4
lines changed


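--- a/scripts/wi-kind-setup.sh
+++ b/scripts/wi-kind-setup.sh
@@ -49,8 +49,9 @@ fi
 LOCATION="${1}"
 RESOURCE_GROUP="${2}"
 AZURE_STORAGE_ACCOUNT="oidcissuer$(openssl rand -hex 4)"
-AZURE_STORAGE_CONTAINER="oidc"
-SERVICE_ACCOUNT_ISSUER="https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_STORAGE_CONTAINER}/"
+# This $web container is a special container that serves static web content without requiring public access enablement.
+# See https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website
+AZURE_STORAGE_CONTAINER="\$web"
 
 validate() {
 # check if user is logged into azure cli
@@ -74,12 +75,15 @@ create_azure_blob_storage_account() {
 
 if ! az storage account show --name "${AZURE_STORAGE_ACCOUNT}" --resource-group "${RESOURCE_GROUP}" > /dev/null 2>&1; then
 echo "Creating storage account '${AZURE_STORAGE_ACCOUNT}' in '${RESOURCE_GROUP}'"
-az storage account create --resource-group "${RESOURCE_GROUP}" --name "${AZURE_STORAGE_ACCOUNT}" --allow-blob-public-access true --output none --only-show-errors
+az storage account create --resource-group "${RESOURCE_GROUP}" --name "${AZURE_STORAGE_ACCOUNT}" --output none --only-show-errors
 fi
 
+# Enable static website serving
+az storage blob service-properties update --account-name "${AZURE_STORAGE_ACCOUNT}" --static-website --output none --only-show-errors
+
 if ! az storage container show --name "${AZURE_STORAGE_CONTAINER}" --account-name "${AZURE_STORAGE_ACCOUNT}" > /dev/null 2>&1; then
 echo "Creating storage container '${AZURE_STORAGE_CONTAINER}' in '${AZURE_STORAGE_ACCOUNT}'"
-az storage container create --name "${AZURE_STORAGE_CONTAINER}" --account-name "${AZURE_STORAGE_ACCOUNT}" --public-access blob --output none --only-show-errors
+az storage container create --name "${AZURE_STORAGE_CONTAINER}" --account-name "${AZURE_STORAGE_ACCOUNT}" --output none --only-show-errors
 fi
 }
 
@@ -124,6 +128,8 @@ upload_to_blob() {
 }
 
 create_kind_cluster() {
+SERVICE_ACCOUNT_ISSUER=$(az storage account show --name "${AZURE_STORAGE_ACCOUNT}" -o json | jq -r .primaryEndpoints.web)
+
 if [ "${SKIP_CLUSTER:-}" = "true" ]; then
 echo "Skipping cluster creation"
 return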
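Review bot: The issuer URL assigned at the top of create_kind_cluster is never validated, so if `az storage account show` fails or the account reports no web endpoint, `jq -r` yields an empty string or the literal `null`, and that value is carried forward as SERVICE_ACCOUNT_ISSUER. The issuer is presumably what the cluster signs tokens with and what the uploaded discovery document must advertise, so a bad value should stop the script at this line: `SERVICE_ACCOUNT_ISSUER=$(az storage account show --name "${AZURE_STORAGE_ACCOUNT}" --resource-group "${RESOURCE_GROUP}" -o json | jq -er .primaryEndpoints.web) || exit 1`. The variable is also no longer set at file scope, so any function that reads it before create_kind_cluster runs would see it unset; the call order is outside the visible hunks and worth confirming. Separately, everything placed in `$web` remains anonymously readable through the static-website endpoint, so the comment above AZURE_STORAGE_CONTAINER could say that only the discovery document and public JWKS belong there. create_kind_cluster's body continues outside the hunk.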
