Core key vault firewall should not be set to "Allow public access from all networks"

[jonnyry]

Resolves #4250

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 6acf7f6.

♻️ This comment has been updated with latest results.

[jonnyry]

/help

[github-actions]

🤖 pr-bot 🤖

Hello!

You can use the following commands:
    /test - build, deploy and run smoke tests on a PR
    /test-extended - build, deploy and run smoke & extended tests on a PR
    /test-extended-aad - build, deploy and run smoke & extended AAD tests on a PR
    /test-shared-services - test the deployment of shared services on a PR build
    /test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
    /test-destroy-env - delete the validation environment for a PR (e.g. to enable testing a deployment from a clean start after previous tests)
    /help - show this help

(in response to this comment from @jonnyry)

[jonnyry]

/test 6acf7f6

[github-actions]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/12632129362 (with refid cfa1d17f)

(in response to this comment from @jonnyry)

[tamirkamara]

@jonnyry How will a CI agent connect to the FW if this is set?

[marrobi]

@jonnyry believe I remember you saying you a have a script that opens/closes the KV firewall when you do a deploy? Think that would need to be part of this and added to the workflows.

[jonnyry]

@tamirkamara @marrobi Ah right, yes, I was too hasty with my PR... the key vault secrets are read/written using the data plane.

I'll take another look.

[jonnyry]

Closing this PR. Will open a new one once a solution in place for CI agent access.