feat: 1762 - firewall and peering #344

Open
StuwiiDev wants to merge 7 commits into main from feat/1762/firewall

@StuwiiDev StuwiiDev commented Jun 1, 2026

Summary

Add a firewall, route table and peering so traffic in the CAE VNET can only pass out through it.

Changes

  • CAE now has a routeTableId parameter that is required
  • Created the egress Firewall and policies as shared module.
  • Created Peering as shared module
  • Created a Public IP for the firewall (Unsure if this is possible just yet)

Validation

@StuwiiDev StuwiiDev requested a review from a team as a code owner June 1, 2026 16:28
@StuwiiDev StuwiiDev force-pushed the feat/1762/firewall branch 2 times, most recently from 8f8db88 to 305e0cf Compare June 2, 2026 08:25
@StuwiiDev StuwiiDev marked this pull request as draft June 2, 2026 08:34
@StuwiiDev StuwiiDev force-pushed the feat/1762/firewall branch from 15779ac to ff332df Compare June 2, 2026 10:32
@StuwiiDev StuwiiDev marked this pull request as ready for review June 3, 2026 06:25
@StuwiiDev StuwiiDev force-pushed the feat/1762/firewall branch 2 times, most recently from 0c78c32 to 5b798a3 Compare June 3, 2026 07:56
@StuwiiDev StuwiiDev force-pushed the feat/1762/firewall branch from 5b798a3 to 59db23b Compare June 3, 2026 08:50

sonarqubecloud Bot commented Jun 3, 2026


github-actions Bot commented Jun 3, 2026

Code Coverage

| Package | Line Rate | Branch Rate | Health |
|---|---|---|---|
| suiw | 100% | 100% | |
| AppHost | 100% | 100% | |
| External | 45% | 32% | |
| SUI.Client.Core | 94% | 91% | |
| Shared | 93% | 86% | |
| Matching | 74% | 49% | |
| SUI.DBS.Response.Logger.Core | 91% | 70% | |
| SUI.Client.StorageProcessJob | 97% | 80% | |
| Summary | 80% (3796 / 4756) | 63% (1001 / 1600) | |

Comment on lines +76 to +86
{
// Basic-tier ACR serves image layers from shared Azure Storage; narrowing
// this requires upgrading ACR to Premium with dedicated data endpoints.
name: 'acr-blob-allow'
#disable-next-line no-hardcoded-env-urls
fqdn: '*.blob.core.windows.net'
}
{
name: 'kv-allow'
fqdn: keyVaultEndpoint
}
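
Review bot: the `acr-blob-allow` rule's `fqdn: '*.blob.core.windows.net'` matches every Azure blob storage account, not only the storage behind this registry, so the egress firewall would pass traffic from the CAE VNET to any storage account under this rule. The code comment explains why it cannot be narrowed on Basic-tier ACR; suggest extending that comment to state that the wildcard is an accepted gap in the egress restriction until the Premium upgrade, and referencing the work item that tracks that upgrade so the rule is revisited.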

Won't these be covered by the private endpoints?

}
]

resource firewallVirtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {

Does it need to be in a separate virtual network to be peered, or just a different subnet in the same network? I assumed the latter, but not sure if you've hit any technical bump
