Add rules to allow access to login.microsoftonline.com #32764
+39
−0
Without these rules the action/login will fail, so your workflows will not be able to do much. If you're working with containers, this also affects docker/login-action.
Why:
Adding the three rules allows access to login.microsoftonline.com, which is necessary for the action azure/login@v2 to work. Otherwise it's blocked. This also fixes the same problem for docker/login-action.
FWIW, the following is also useful and might possibly be added somewhere in the documentation, along with some instructions to add additional rules to support access to specific external resources. AllowDockerRegistryAndNpmOutbound is necessary to allow the job to reach registry-1.docker.io and production.cloudflare.docker.com to pull docker images, and registry.npmjs.org for npm install.
Closes:
Azure/login#439
What's being changed (if available, include any code snippets, screenshots, or gifs):
Added the following rules to the bicep file definition:
Check off the following:
I have reviewed my changes in staging, available via the View deployment link in this PR's timeline (this link will be available after opening the PR).
data directory.
For content changes, I have completed the self-review checklist.