From d9edf6b4472bd4549c2deed328ef346eb7289bb9 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Fri, 5 Jan 2024 19:16:34 +0100
Subject: [PATCH] terraform, azure: add note on handling a 403 when using
 terraform

---
 terraform/azure/storage.tf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf
index 7f6b43cedb..2fc97b7ea9 100644
--- a/terraform/azure/storage.tf
+++ b/terraform/azure/storage.tf
@@ -12,6 +12,12 @@ resource "azurerm_storage_account" "homes" {
 
   network_rules {
     # Allow NFS access only from our nodes, deny access from all other networks
+    #
+    # Use of terraform plan or apply can run into issues due to this, but they
+    # can be handled by temporarily adding your public IP to a firewall
+    # exception like described in
+    # https://github.com/2i2c-org/infrastructure/issues/890#issuecomment-1879072422.
+    #
     default_action = "Deny"
     virtual_network_subnet_ids = [
       azurerm_subnet.node_subnet.id