Allow using remote Azure IP Networks which allows loading when the ap…
…plication starts (#240)
mburumaxwell authored May 5, 2024
1 parent ea099a3 commit ff8e04e
Showing 1 changed file with 30 additions and 6 deletions.
Expand Up @@ -91,7 +91,7 @@ public static AuthorizationPolicyBuilder RequireApprovedNetworks(this Authorizat
}

/// <summary>
/// Adds an <see cref="ApprovedIPNetworkRequirement"/> to the current instance, using Known Azure IPs.
/// Adds an <see cref="ApprovedIPNetworkRequirement"/> to the current instance, using known Azure IPs that are cached locally.
/// Ensure the necessary Authorization and framework services are added to the same collection
/// using <c>services.AddApprovedNetworksHandler(...)</c>.
/// Networks used are retrieved using <see cref="AzureIPNetworks.AzureIPsHelper"/>.
Expand All @@ -110,12 +110,36 @@ public static AuthorizationPolicyBuilder RequireAzureIPNetworks(this Authorizati
AzureIPNetworks.AzureCloud cloud = AzureIPNetworks.AzureCloud.Public,
string? service = null,
string? region = null)
=> builder.RequireAzureIPNetworks(AzureIPNetworks.AzureIPsProvider.Local, cloud, service, region);

/// <summary>
/// Adds an <see cref="ApprovedIPNetworkRequirement"/> to the current instance, using known Azure IPs from an instance of <see cref="AzureIPNetworks.AzureIPsProvider"/>.
/// Ensure the necessary Authorization and framework services are added to the same collection
/// using <c>services.AddApprovedNetworksHandler(...)</c>.
/// Networks used are retrieved using <see cref="AzureIPNetworks.AzureIPsHelper"/>.
/// </summary>
/// <param name="builder">The instance to add to</param>
/// <param name="provider">The <see cref="AzureIPNetworks.AzureIPsProvider"/> to use.</param>
/// <param name="cloud">The Azure Cloud which to allow.</param>
/// <param name="service">
/// (Optional) The name of the service whose IP ranges to allow.
/// When not provided(null), IPs from all services are added.
/// </param>
/// <param name="region">
/// (Optional) The name of the region whose IP ranges to allow.
/// When not provided(null), IPs from all regions are added.
/// </param>
public static AuthorizationPolicyBuilder RequireAzureIPNetworks(this AuthorizationPolicyBuilder builder,
AzureIPNetworks.AzureIPsProvider provider,
AzureIPNetworks.AzureCloud cloud = AzureIPNetworks.AzureCloud.Public,
string? service = null,
string? region = null)
{
var networks = AzureIPNetworks.AzureIPsProvider.Local.GetNetworksAsync(cloud, service, region)
.AsTask()
.GetAwaiter()
.GetResult()
.ToArray();
var networks = provider.GetNetworksAsync(cloud, service, region)
.AsTask()
.GetAwaiter()
.GetResult()
.ToArray();

// create the requirement and add it to the builder
return builder.RequireApprovedNetworks(networks);
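Review bot: In the new `RequireAzureIPNetworks(builder, provider, ...)` overload the allow-list is resolved once, by blocking on `provider.GetNetworksAsync(cloud, service, region)` via `.AsTask().GetAwaiter().GetResult()`, so a provider that downloads the ranges (the case the commit title describes) makes policy registration wait on network I/O with no timeout or cancellation visible here, and the array it returns is never refreshed while the process runs. Because this list is what the authorization requirement trusts, the summary should state that, for example `/// The networks are fetched once, synchronously, when the policy is built; a failed fetch throws here and later changes to the published ranges are not picked up until restart.` `provider` is also dereferenced without a check; `if (provider is null) throw new ArgumentNullException(nameof(provider));` as the first statement gives a clearer failure. The copied summary line `Networks used are retrieved using <see cref="AzureIPNetworks.AzureIPsHelper"/>` appears stale for this overload, which goes through `AzureIPsProvider`. The method's closing brace is outside the visible hunk.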