webrtc>> manage-nsg>> 返回
项目作者: venura9

项目描述 :
GitHub Action to Manage NSG Rules allowing public running deployment to resources secured by Azure NSGs
高级语言: Shell
项目地址: git://github.com/venura9/manage-nsg.git
创建时间: 2020-03-16T11:27:38Z
项目社区:https://github.com/venura9/manage-nsg
开源协议:MIT License
下载


Manage NSG for Deployments

run_test_master run_test_develop

This GitHub action allows a hosted(public) runner image to access resources secured by an Azure Network Security Group (NSG) by creating an allow rule picking the current IP address of the hosted runner, also the same task can be used to remove existing NSG rules allowing the cleanup of the created rules.

E.g. Web Deploy to a WebApp inside an Azure Application Service Environment (ASE)

Inputs

azure-credentials

  • Required SPN details as secrets.AZURE_CREDENTIALS, Refer Configure Azure Credentials on how to.
  • Default "N/A".

    rule-priority-start:

  • Optional Start value for the priority range to be used.
  • Default "300".

    rule-priority-range:

  • Optional range of the NSG priority values to be used when multiple agents are deploying sharing the same NSG.
  • Default "100".

    rule-inbound-port:

  • Optional Port for the inbound rule’.
  • Default "443".

    rule-id-for-removal:

  • Optional rule id to remove. If this value is defined the action will default to deleteing.
  • Default "".

    rule-nsg-resource-group-name:

  • Required Resource Group of the NSG.
  • Default "N/A".

    rule-nsg-name:

  • Required Name of the NSG.
  • Default "N/A".

Outputs

rule_name

Created or Deleted NSG Rule Name

Example usage

  2. #File: .github/workflows/deploy_action.yml
  4. name: deploy_to_azure_resource_behind_nsg
  6. on:
  7.   push:
  8.     branches:
  9.       - master
  11. jobs:
  12.   deploy:
  13.     runs-on: ubuntu-latest
  14.     name: Deploying to Azure
  15.     steps:
  17.       - name: dig +short myip.opendns.com @resolver1.opendns.com
  18.         run: dig +short myip.opendns.com @resolver1.opendns.com
  20.       - name: Add NSG Rule
  21.         uses: venura9/manage-nsg@master
  22.         id: rule
  23.         with:
  24.           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
  25.           rule-nsg-resource-group-name: ManageNsg
  26.           rule-nsg-name: ManageNsg
  28.       - name: Print Created NSG Rule Name
  29.         run: echo "Rule Name ${{ steps.rule.outputs.rule_name }}"
  31.       - name: Remove NSG Rule
  32.         uses: venura9/manage-nsg@master
  33.         with:
  34.           azure-credentials: ${{ secrets.AZURE_CREDENTIALS }}
  35.           rule-id-for-removal: ${{ steps.rule.outputs.rule_name }}
  36.           rule-nsg-resource-group-name: ManageNsg
  37.           rule-nsg-name: ManageNsg

Configure Azure credentials:

To fetch the credentials required to authenticate with Azure, run the following command to generate an Azure Service Principal (SPN) with Contributor permissions:

  1. az ad sp create-for-rbac --name "myApp" --role contributor \
  2.                          --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
  3.                          --sdk-auth
  5. # Replace {subscription-id}, {resource-group} with yout subscription, resource group details
  7. # The command should output a JSON object similar to this:
  9. {
  10.   "clientId": "<GUID>",
  11.   "clientSecret": "<GUID>",
  12.   "subscriptionId": "<GUID>",
  13.   "tenantId": "<GUID>",
  14.   (...)
  15. }
  17. # Note: You can always create the json string manually and add as a secret

Add the json output as a secret (let’s say with the name AZURE_CREDENTIALS) in the GitHub repository.