Posted to commits@dlab.apache.org by my...@apache.org on 2019/12/10 09:26:05 UTC
[incubator-dlab] 01/01: [DLAB-1363] - SSO implementation,
EDGE node egress rules for AWS and Azure fixed
This is an automated email from the ASF dual-hosted git repository.
mykolabodnar pushed a commit to branch DLAB-1363
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 8eb9afdafe6a9ef86a64ba8bf8322fd7bca38ed9
Author: Mykola_Bodnar1 <bo...@gmail.com>
AuthorDate: Tue Dec 10 11:25:38 2019 +0200
[DLAB-1363] - SSO implementation, EDGE node egress rules for AWS and Azure fixed
---
.../src/general/scripts/aws/project_prepare.py | 7 ---
.../src/general/scripts/azure/project_prepare.py | 56 +++++++++-------------
2 files changed, 22 insertions(+), 41 deletions(-)
diff --git a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
index 47e0408..a5e8a79 100644
--- a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
@@ -99,7 +99,6 @@ if __name__ == "__main__":
project_conf['zone'] = os.environ['aws_region'] + os.environ['aws_zone']
project_conf['elastic_ip_name'] = '{0}-{1}-edge-EIP'.format(project_conf['service_base_name'],
os.environ['project_name'])
- project_conf['keycloak_host'] = ''.join(re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", os.environ['keycloak_auth_server_url'])) + "/32"
project_conf['provision_instance_ip'] = None
try:
project_conf['provision_instance_ip'] = get_instance_ip_address(
@@ -369,12 +368,6 @@ if __name__ == "__main__":
"FromPort": 389,
"IpRanges": [{"CidrIp": project_conf['all_ip_cidr']}],
"ToPort": 389, "IpProtocol": "tcp", "UserIdGroupPairs": []
- },
- {
- "PrefixListIds": [],
- "FromPort": 8080,
- "IpRanges": [{"CidrIp": project_conf['keycloak_host']}],
- "ToPort": 8080, "IpProtocol": "tcp", "UserIdGroupPairs": []
}
])
params = "--name {} --vpc_id {} --security_group_rules '{}' --infra_tag_name {} --infra_tag_value {} \
diff --git a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
index a182de7..f49e97e 100644
--- a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
@@ -97,7 +97,6 @@ if __name__ == "__main__":
"endpoint_tag": project_conf['endpoint_tag'],
os.environ['conf_billing_tag_key']: os.environ['conf_billing_tag_value']}
project_conf['primary_disk_size'] = '32'
- project_conf['keycloak_host'] = ''.join(re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", os.environ['keycloak_auth_server_url'])) + "/32"
# FUSE in case of absence of user's key
try:
@@ -228,9 +227,9 @@ if __name__ == "__main__":
"name": "out-4",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "8080",
+ "destination_port_range": "8787",
"source_address_prefix": "*",
- "destination_address_prefix": project_conf['keycloak_host'],
+ "destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
"priority": 130,
"direction": "Outbound"
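Review bot: The Keycloak rule is dropped here by moving each later rule's port up one slot (out-4 in this hunk, out-5 through out-12 in the hunks that follow), which leaves `name` and `priority` hand-numbered; every later removal or insertion will touch each following entry again and can put a port on the wrong rule or duplicate a priority. The visible entries follow a fixed pattern, so both fields could be derived from the position in a list of ports, e.g. `"name": "out-{}".format(i)` and `"priority": 90 + 10 * i`. After this change no visible rule is scoped to the Keycloak host, so edge-to-Keycloak traffic presumably depends on one of the broader any-destination rules; a comment such as `# Keycloak is reached via the 80/443 egress rules below` (once confirmed) would record that. The rule list starts and ends outside this hunk.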
@@ -239,7 +238,7 @@ if __name__ == "__main__":
"name": "out-5",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "8787",
+ "destination_port_range": "6006",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -250,7 +249,7 @@ if __name__ == "__main__":
"name": "out-6",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "6006",
+ "destination_port_range": "20888",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -261,7 +260,7 @@ if __name__ == "__main__":
"name": "out-7",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "20888",
+ "destination_port_range": "8088",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -272,7 +271,7 @@ if __name__ == "__main__":
"name": "out-8",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "8088",
+ "destination_port_range": "18080",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -283,7 +282,7 @@ if __name__ == "__main__":
"name": "out-9",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "18080",
+ "destination_port_range": "50070",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -294,7 +293,7 @@ if __name__ == "__main__":
"name": "out-10",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "50070",
+ "destination_port_range": "8085",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -305,7 +304,7 @@ if __name__ == "__main__":
"name": "out-11",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "8085",
+ "destination_port_range": "8081",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -316,7 +315,7 @@ if __name__ == "__main__":
"name": "out-12",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "8081",
+ "destination_port_range": "4040-4140",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
@@ -325,83 +324,72 @@ if __name__ == "__main__":
},
{
"name": "out-13",
- "protocol": "Tcp",
- "source_port_range": "*",
- "destination_port_range": "4040-4140",
- "source_address_prefix": "*",
- "destination_address_prefix": project_conf['private_subnet_cidr'],
- "access": "Allow",
- "priority": 220,
- "direction": "Outbound"
- },
- {
- "name": "out-14",
"protocol": "Udp",
"source_port_range": "*",
"destination_port_range": "53",
"source_address_prefix": '*',
"destination_address_prefix": "*",
"access": "Allow",
- "priority": 230,
+ "priority": 220,
"direction": "Outbound"
},
{
- "name": "out-15",
+ "name": "out-14",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "80",
"source_address_prefix": '*',
"destination_address_prefix": "*",
"access": "Allow",
- "priority": 240,
+ "priority": 230,
"direction": "Outbound"
},
{
- "name": "out-16",
+ "name": "out-15",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "443",
"source_address_prefix": '*',
"destination_address_prefix": "*",
"access": "Allow",
- "priority": 250,
+ "priority": 240,
"direction": "Outbound"
},
{
- "name": "out-17",
+ "name": "out-16",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "389",
"source_address_prefix": '*',
"destination_address_prefix": "*",
"access": "Allow",
- "priority": 260,
+ "priority": 250,
"direction": "Outbound"
},
{
- "name": "out-18",
+ "name": "out-17",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "8042",
"source_address_prefix": "*",
"destination_address_prefix": project_conf['private_subnet_cidr'],
"access": "Allow",
- "priority": 270,
+ "priority": 260,
"direction": "Outbound"
},
{
- "name": "out-19",
+ "name": "out-18",
"protocol": "Udp",
"source_port_range": "*",
"destination_port_range": "123",
"source_address_prefix": "*",
"destination_address_prefix": "*",
"access": "Allow",
- "priority": 280,
+ "priority": 270,
"direction": "Outbound"
},
{
- "name": "out-20",
+ "name": "out-19",
"protocol": "*",
"source_port_range": "*",
"destination_port_range": "*",
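Review bot: The renumbered out-16 rule still allows TCP 389 to `"destination_address_prefix": "*"`, so unencrypted LDAP from the edge node may leave to any address; since this commit already revises the egress set, that prefix could be narrowed to the configured directory server's address instead of `*`. The AWS file keeps the same shape in its retained 389 entry, which uses `project_conf['all_ip_cidr']` (presumably the any-address CIDR; confirm). The any-destination rules out-13 to out-15 and out-18 (DNS, HTTP, HTTPS, NTP) would each benefit from a one-line comment stating why the destination cannot be restricted. The list continues past the end of this hunk, so whether out-19 is a catch-all deny is not visible here.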