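/// <summary>
/// Replaces the A records of every configured record set with a single record holding the
/// current public IPv4 address, skipping record sets whose first A record already matches.
/// </summary>
/// <remarks>
/// A failure on one record set is logged and the loop moves on to the next one; the method
/// itself only returns early on cancellation or when the looked-up address is not usable.
/// </remarks>
/// <param name="cancellationToken">Stops the update between (or during) record-set calls.</param>
public async Task UpdateDns(CancellationToken cancellationToken)
{
    // The client secret comes from configuration; keep it out of every log statement below.
    var serviceCreds = await ApplicationTokenProvider.LoginSilentAsync(
        _securityConfig.TenantId,
        _securityConfig.ClientId,
        _securityConfig.ClientSecret);

    var currentIp = await _ipAddressLookup.GetCurrentIdAsync(cancellationToken);

    // The lookup result is external input that ends up in a public DNS zone. Accept it only when
    // it is one canonical dotted-quad IPv4 address: IPAddress.TryParse alone also accepts short
    // forms such as "1.2.3", so the round-trip comparison is what rejects anything non-canonical.
    // The rejected value is deliberately not logged.
    if (!System.Net.IPAddress.TryParse(currentIp, out var parsedIp)
        || parsedIp.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork
        || !string.Equals(parsedIp.ToString(), currentIp, System.StringComparison.Ordinal))
    {
        _logger.LogError("IP lookup did not return a single canonical IPv4 address, aborting DNS update");
        return;
    }

    // The management client is disposable; release it when the run is over.
    using (var dnsClient = new DnsManagementClient(serviceCreds) { SubscriptionId = _securityConfig.SubscriptionId })
    {
        foreach (var recordSetName in _dnsConfig.RecordSetNames)
        {
            if (cancellationToken.IsCancellationRequested)
            {
                _logger.LogInformation("Cancellation requested, aborting update");
                return;
            }

            _logger.LogInformation("Trying to update: {recordSetName}", recordSetName);

            try
            {
                // Awaited instead of the blocking Get() so the calling thread is not held
                // and cancellation is honoured during the read as well.
                var recordSet = await dnsClient.RecordSets.GetAsync(
                    _dnsConfig.ResourceGroupName,
                    _dnsConfig.ZoneName,
                    recordSetName,
                    RecordType.A,
                    cancellationToken: cancellationToken);

                // Only the first A record is inspected; no need to write when it already matches.
                var currentARecord = recordSet.ARecords?.FirstOrDefault();
                if (currentARecord != null
                    && string.Equals(currentARecord.Ipv4Address, currentIp, System.StringComparison.Ordinal))
                {
                    _logger.LogInformation("Current IP already set, trying next recordset.");
                    continue;
                }

                // Records in a record set must be distinct, so the list is replaced with the one
                // new entry. Assigning a fresh list also covers a record set returned without one.
                recordSet.ARecords = new List<ARecord> { new ARecord(currentIp) };

                // The ETag from the read is sent as the precondition: the update is rejected if
                // the record set was changed by someone else in the meantime.
                recordSet = await dnsClient.RecordSets.CreateOrUpdateAsync(
                    _dnsConfig.ResourceGroupName,
                    _dnsConfig.ZoneName,
                    recordSetName,
                    RecordType.A,
                    recordSet,
                    recordSet.Etag,
                    cancellationToken: cancellationToken);

                _logger.LogInformation("Success - {recordSetName}", recordSetName);
            }
            catch (System.OperationCanceledException) when (cancellationToken.IsCancellationRequested)
            {
                // Cancellation is not a per-record failure; stop instead of trying the remaining sets.
                _logger.LogInformation("Cancellation requested, aborting update");
                return;
            }
            catch (System.Exception e)
            {
                // Best effort per record set: log and continue with the next name.
                _logger.LogError(e, "Failed - {recordSetName}", recordSetName);
            }
        }
    }
}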
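/// <summary>
/// Makes sure the storage account firewall allows the current public IPv4 address, rewriting
/// the network rule set when that address is not already among the IP rules.
/// </summary>
/// <remarks>
/// The rewrite is a full replacement: default action Deny, one Allow rule for the current
/// address, and empty virtual-network and resource-access rule lists. The previous IP rules
/// are logged before the rewrite so that what was removed can be reconstructed from the log.
/// </remarks>
/// <param name="cancellationToken">Cancels the read and the update call.</param>
public async Task UpdateFirewall(CancellationToken cancellationToken)
{
    // The client secret comes from configuration; keep it out of every log statement below.
    var serviceCreds = await ApplicationTokenProvider.LoginSilentAsync(
        _securityConfig.TenantId,
        _securityConfig.ClientId,
        _securityConfig.ClientSecret);

    var currentIp = await _ipAddressLookup.GetCurrentIdAsync(cancellationToken);

    // The lookup result is external input that becomes an Allow rule. The rule field takes an
    // address OR a range, so a tampered or malformed lookup answer could allow-list far more
    // than one host. Accept only a single canonical dotted-quad IPv4 address; the round-trip
    // comparison rejects CIDR suffixes and the short forms IPAddress.TryParse would tolerate.
    // The rejected value is deliberately not logged.
    if (!System.Net.IPAddress.TryParse(currentIp, out var parsedIp)
        || parsedIp.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork
        || !string.Equals(parsedIp.ToString(), currentIp, System.StringComparison.Ordinal))
    {
        _logger.LogError("IP lookup did not return a single canonical IPv4 address, aborting firewall update");
        return;
    }

    // The management client is disposable; release it when the run is over.
    using (var storClient = new StorageManagementClient(serviceCreds) { SubscriptionId = _securityConfig.SubscriptionId })
    {
        // Awaited instead of the blocking GetProperties() so cancellation covers the read too.
        var sProp = await storClient.StorageAccounts.GetPropertiesAsync(
            _firewallConfig.ResourceGroupName,
            _firewallConfig.AccountName,
            cancellationToken: cancellationToken);

        // Treat a missing rule set or rule list as "no IP rules" rather than failing on null.
        var existingIpRules = sProp.NetworkRuleSet?.IpRules ?? new List<IPRule>();

        var currentIpAddresses = string.Join(',', existingIpRules.Select(r => r.IPAddressOrRange));
        _logger.LogInformation("Current allowed IP addresses: {currentIpAddesses}", currentIpAddresses);

        var alreadyAllowed = existingIpRules.Any(
            r => string.Equals(r.IPAddressOrRange, currentIp, System.StringComparison.Ordinal));

        if (alreadyAllowed)
        {
            _logger.LogInformation("No need to update firewall rules, current IP address already present.");
            return;
        }

        _logger.LogInformation("Updating with current IP address: {currentIp}", currentIp);

        // NOTE(review): this replaces the whole rule set, so any existing virtual-network rules,
        // resource-access rules and other IP rules are dropped. Confirm that is intended for
        // this account before relying on it.
        var updateParam = new StorageAccountUpdateParameters
        {
            NetworkRuleSet = new NetworkRuleSet
            {
                // Deny by default; only the rule added below lets traffic in.
                DefaultAction = DefaultAction.Deny,
                ResourceAccessRules = new List<ResourceAccessRule>(),
                VirtualNetworkRules = new List<VirtualNetworkRule>(),
                IpRules = new List<IPRule> { new IPRule(currentIp, Action.Allow) },
                // NOTE(review): "******" looks like a redaction artifact, not a real setting.
                // Bypass decides which traffic skips the firewall (the API documents None,
                // Logging, Metrics and AzureServices); restore the intended value explicitly.
                Bypass = "******"
            }
        };

        await storClient.StorageAccounts.UpdateAsync(
            _firewallConfig.ResourceGroupName,
            _firewallConfig.AccountName,
            updateParam,
            cancellationToken);
    }
}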