azfnc2cosmosdb-rules.sh
#!/usr/bin/bash
#########################################
# Script to get possible outbound IP addresses
# from Azure Function and configure them
# as allowed IPs in a Cosmos DB.
#
#
# Jose Moreno, June 2024
##########################################
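# Get arguments
#######################################
# Parse the name=value command-line arguments.
# The three globals are reset first so that values inherited from the calling
# environment can never select the resources whose firewall gets modified.
# The positional parameters are left untouched; the original restored them from
# a POSITIONAL array that was never filled, which simply emptied them.
# Globals:   function, cosmosdb, rg (written)
# Arguments: the script's arguments, e.g. --function=<name>
# Outputs:   a warning on stderr for each argument that is not recognised
#######################################
parse_args() {
  function=''
  cosmosdb=''
  rg=''
  local arg
  for arg in "$@"; do
    case "$arg" in
      -f=* | --function=*)
        function="${arg#*=}"
        ;;
      -c=* | --cosmosdb=*)
        cosmosdb="${arg#*=}"
        ;;
      -g=* | -rg=* | --resourcegroup=*) # Assumes same RG for Azure Function and CosmosDB
        rg="${arg#*=}"
        ;;
      *)
        # A mistyped flag would otherwise vanish without a trace.
        printf 'WARNING: ignoring unrecognised argument: %s\n' "$arg" >&2
        ;;
    esac
  done
}
parse_args "$@"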
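# Verify that all parameters have been provided
# These three names select the account whose firewall is rewritten further
# down, so stop here rather than let the Azure CLI run with an empty name.
# The usage text is a diagnostic and therefore goes to stderr.
if [[ -z "${function:-}" || -z "${cosmosdb:-}" || -z "${rg:-}" ]]; then
  printf 'ERROR: Usage: %s -f|--function=<function_name> -c|--cosmosdb=<cosmosdb_name> -g|--resourcegroup=<resource_group>\n' "$0" >&2
  exit 1
fi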
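# Verify that the resources exist with the Azure CLI (assuming we are already authenticated and in the right subscription)
# The names are quoted so that a value containing spaces or glob characters
# reaches az as one argument instead of being split into additional ones.
function_id=$(az functionapp show --name "$function" --resource-group "$rg" --query id --output tsv)
if [[ -z "$function_id" ]]; then
  printf 'ERROR: Azure Function %s not found in resource group %s\n' "$function" "$rg" >&2
  exit 1
fi
echo "DEBUG: Azure Function found with ID $function_id"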
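# Confirm that the Cosmos DB account exists before its firewall is touched.
# The names are quoted so that a value containing spaces or glob characters
# reaches az as one argument instead of being split into additional ones.
cosmosdb_id=$(az cosmosdb show --name "$cosmosdb" --resource-group "$rg" --query id --output tsv --only-show-errors)
if [[ -z "$cosmosdb_id" ]]; then
  printf 'ERROR: Cosmos DB %s not found in resource group %s\n' "$cosmosdb" "$rg" >&2
  exit 1
fi
echo "DEBUG: Cosmos DB found with ID $cosmosdb_id"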
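# Get the possible outbound IP addresses for the Azure Function
# NOTE(review): on multi-tenant hosting plans these outbound addresses are
# typically shared with other apps, so allow-listing them narrows the network
# path but does not identify this function - confirm for the plan in use.
function_ips=$(az functionapp show --resource-group "$rg" --name "$function" --query possibleOutboundIpAddresses --output tsv --only-show-errors)
# An empty answer means the query failed or returned nothing; stop before the
# firewall list is rebuilt from incomplete data.
if [[ -z "$function_ips" ]]; then
  printf 'ERROR: no possible outbound IP addresses returned for Azure Function %s\n' "$function" >&2
  exit 1
fi
echo "DEBUG: Azure Function $function has the following possible outbound IP addresses: $function_ips"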
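# Get the current firewall rules for the Cosmos DB
# Each step is checked on its own. In the original single pipeline a failed
# read left the list empty without any error, and the update further down
# would then have replaced every existing rule with the function's addresses.
if ! cosmosdb_json=$(az cosmosdb show -n "$cosmosdb" -g "$rg" --only-show-errors -o json); then
  printf 'ERROR: could not read the current firewall rules of Cosmos DB %s\n' "$cosmosdb" >&2
  exit 1
fi
# (.ipRules // []) tolerates an account whose ipRules field is null or absent.
if ! cosmosdb_ip_lines=$(jq -r '(.ipRules // [])[] | .ipAddressOrRange' <<<"$cosmosdb_json"); then
  printf 'ERROR: could not parse the firewall rules of Cosmos DB %s\n' "$cosmosdb" >&2
  exit 1
fi
# Join the one-per-line addresses into a comma-separated list.
cosmosdb_ips_current=$(paste -sd "," - <<<"$cosmosdb_ip_lines")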
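#######################################
# Merge two comma-separated lists into one sorted list without duplicates.
# Empty entries are dropped: when the account had no rules yet, the plain
# concatenation started with a comma and produced a list with a blank first
# entry.
# Arguments: $1, $2 - comma-separated lists; either may be empty
# Outputs:   the merged comma-separated list on stdout
#######################################
merge_ip_lists() {
  printf '%s\n' "$1,$2" \
    | tr ',' '\n' \
    | sed '/^[[:space:]]*$/d' \
    | sort -u \
    | paste -sd ',' -
}
# Eliminate duplicates in the comma-separated list of values
cosmosdb_ips_new=$(merge_ip_lists "$cosmosdb_ips_current" "$function_ips")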
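# Never send an empty list: that would request an account with no IP rules at
# all, the opposite of what this script is meant to achieve.
if [[ -z "$cosmosdb_ips_new" ]]; then
  printf 'ERROR: refusing to update Cosmos DB %s with an empty IP list\n' "$cosmosdb" >&2
  exit 1
fi
echo "DEBUG: Updating Cosmos DB $cosmosdb firewall rules to: $cosmosdb_ips_new"
# The filter replaces the account's whole IP rule list, so it has to carry the
# existing entries as well as the new ones.
az cosmosdb update -n "$cosmosdb" -g "$rg" --ip-range-filter "$cosmosdb_ips_new" -o none --only-show-errors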