From fb2d3928a9659eaf06d1a94e35bb59febd45c948 Mon Sep 17 00:00:00 2001
From: Joshua Loeffler <jloeffler@microsoft.com>
Date: Thu, 17 Nov 2022 11:03:43 -0500
Subject: [PATCH 1/2] Explicitly disable storage blob public access for
 workspace templates

---
 quickstart/101-machine-learning/workspace.tf                     | 1 +
 .../workspace.tf                                                 | 1 +
 quickstart/301-machine-learning-hub-spoke-secure/workspace.tf    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/quickstart/101-machine-learning/workspace.tf b/quickstart/101-machine-learning/workspace.tf
index 0b018893..c60bcc5a 100644
--- a/quickstart/101-machine-learning/workspace.tf
+++ b/quickstart/101-machine-learning/workspace.tf
@@ -21,6 +21,7 @@ resource "azurerm_storage_account" "default" {
   resource_group_name      = azurerm_resource_group.default.name
   account_tier             = "Standard"
   account_replication_type = "GRS"
+  allow_nested_items_to_be_public = false
 }
 
 resource "azurerm_container_registry" "default" {
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
index bda44146..fc0c7a68 100644
--- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
@@ -26,6 +26,7 @@ resource "azurerm_storage_account" "default" {
   resource_group_name      = azurerm_resource_group.default.name
   account_tier             = "Standard"
   account_replication_type = "GRS"
+  allow_nested_items_to_be_public = false
 
   network_rules {
     default_action = "Deny"
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf
index ddf72ac1..c76745ed 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf
@@ -27,6 +27,7 @@ resource "azurerm_storage_account" "default" {
   resource_group_name      = azurerm_resource_group.default.name
   account_tier             = "Standard"
   account_replication_type = "GRS"
+  allow_nested_items_to_be_public = false
 
   network_rules {
     default_action = "Deny"

From 665947ee0ef266f779d28d9f3fa593683d281799 Mon Sep 17 00:00:00 2001
From: Joshua Loeffler <jloeffler@microsoft.com>
Date: Thu, 17 Nov 2022 17:43:12 -0500
Subject: [PATCH 2/2] Fix formatting

---
 quickstart/101-machine-learning/workspace.tf           | 10 +++++-----
 .../workspace.tf                                       | 10 +++++-----
 .../301-machine-learning-hub-spoke-secure/workspace.tf | 10 +++++-----
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/quickstart/101-machine-learning/workspace.tf b/quickstart/101-machine-learning/workspace.tf
index c60bcc5a..abaf806d 100644
--- a/quickstart/101-machine-learning/workspace.tf
+++ b/quickstart/101-machine-learning/workspace.tf
@@ -16,11 +16,11 @@ resource "azurerm_key_vault" "default" {
 }
 
 resource "azurerm_storage_account" "default" {
-  name                     = "st${var.name}${var.environment}"
-  location                 = azurerm_resource_group.default.location
-  resource_group_name      = azurerm_resource_group.default.name
-  account_tier             = "Standard"
-  account_replication_type = "GRS"
+  name                            = "st${var.name}${var.environment}"
+  location                        = azurerm_resource_group.default.location
+  resource_group_name             = azurerm_resource_group.default.name
+  account_tier                    = "Standard"
+  account_replication_type        = "GRS"
   allow_nested_items_to_be_public = false
 }
 
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
index fc0c7a68..8d7d66c6 100644
--- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
@@ -21,11 +21,11 @@ resource "azurerm_key_vault" "default" {
 }
 
 resource "azurerm_storage_account" "default" {
-  name                     = "st${var.name}${var.environment}"
-  location                 = azurerm_resource_group.default.location
-  resource_group_name      = azurerm_resource_group.default.name
-  account_tier             = "Standard"
-  account_replication_type = "GRS"
+  name                            = "st${var.name}${var.environment}"
+  location                        = azurerm_resource_group.default.location
+  resource_group_name             = azurerm_resource_group.default.name
+  account_tier                    = "Standard"
+  account_replication_type        = "GRS"
   allow_nested_items_to_be_public = false
 
   network_rules {
diff --git a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf
index c76745ed..1b205537 100644
--- a/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf
+++ b/quickstart/301-machine-learning-hub-spoke-secure/workspace.tf
@@ -22,11 +22,11 @@ resource "azurerm_key_vault" "default" {
 }
 
 resource "azurerm_storage_account" "default" {
-  name                     = "st${var.name}${var.environment}"
-  location                 = azurerm_resource_group.default.location
-  resource_group_name      = azurerm_resource_group.default.name
-  account_tier             = "Standard"
-  account_replication_type = "GRS"
+  name                            = "st${var.name}${var.environment}"
+  location                        = azurerm_resource_group.default.location
+  resource_group_name             = azurerm_resource_group.default.name
+  account_tier                    = "Standard"
+  account_replication_type        = "GRS"
   allow_nested_items_to_be_public = false
 
   network_rules {