Posted to commits@dlab.apache.org by lf...@apache.org on 2020/09/29 09:39:06 UTC
[incubator-dlab] 02/02: [DLAB-1911]: changed edge security groups
creation on azure
This is an automated email from the ASF dual-hosted git repository.
lfrolov pushed a commit to branch DLAB-1911
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit d57a716afe4d35c6c9d76ec928c59217acf62db2
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Tue Sep 29 12:38:46 2020 +0300
[DLAB-1911]: changed edge security groups creation on azure
---
.../src/general/scripts/azure/project_prepare.py | 78 ++++++++++++----------
1 file changed, 43 insertions(+), 35 deletions(-)
diff --git a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
index e2d481d..6280b24 100644
--- a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
@@ -176,6 +176,14 @@ if __name__ == "__main__":
try:
logging.info('[CREATE SECURITY GROUP FOR EDGE NODE]')
print('[CREATE SECURITY GROUP FOR EDGE]')
+ if os.environ['conf_allowed_ip_cidr'] != '0.0.0.0/0' and project_conf['endpoint_name'] == 'local':
+ ssn_public_ip = AzureMeta.get_instance_public_ip_address(project_conf['resource_group_name'], '{}-ssn'.format(project_conf['service_base_name']))
+ project_conf['allowed_ip_cidr'] = "{}, {}/32".format(project_conf['allowed_ip_cidr'], ssn_public_ip)
+ elif os.environ['conf_allowed_ip_cidr'] != '0.0.0.0/0' and project_conf['endpoint_name'] != 'local':
+ endpoint_public_ip = AzureMeta.get_instance_public_ip_address(project_conf['resource_group_name'] , '{}-{}-endpoint'.format(project_conf['service_base_name'], project_conf['endpoint_name']))
+ project_conf['allowed_ip_cidr'] = "{}, {}/32".format(project_conf['allowed_ip_cidr'], endpoint_public_ip)
+ else:
+ project_conf['allowed_ip_cidr'] = "*"
edge_list_rules = [
{
"name": "in-1",
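Review bot: The result of `AzureMeta.get_instance_public_ip_address(...)` is formatted straight into the allow-list in both new branches, so a lookup that returns `None` or an empty string would put `None/32` into `project_conf['allowed_ip_cidr']` and from there into the edge rule's source. A guard before each format call, such as `if not ssn_public_ip: raise Exception('public IP of the SSN instance was not found')`, would fail early with a clear message; the same applies to `endpoint_public_ip`. The condition tests `os.environ['conf_allowed_ip_cidr']` while the format reads `project_conf['allowed_ip_cidr']`, which is populated outside this hunk, so confirm the two always hold the same value. The exact comparison with `'0.0.0.0/0'` also treats a value with stray whitespace as restricted, so normalising it first with `.strip()` would be safer. The enclosing `try` block starts before and continues past this hunk.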
@@ -192,46 +200,46 @@ if __name__ == "__main__":
"name": "in-2",
"protocol": "Tcp",
"source_port_range": "*",
- "destination_port_range": "22",
- "source_address_prefix": "*",
+ "destination_port_range": "22, 3128, 80, 443",
+ "source_address_prefix": project_conf['allowed_ip_cidr'],
"destination_address_prefix": "*",
"access": "Allow",
"priority": 110,
"direction": "Inbound"
},
- {
- "name": "in-3",
- "protocol": "Tcp",
- "source_port_range": "*",
- "destination_port_range": "3128",
- "source_address_prefix": "*",
- "destination_address_prefix": "*",
- "access": "Allow",
- "priority": 120,
- "direction": "Inbound"
- },
- {
- "name": "in-4",
- "protocol": "Tcp",
- "source_port_range": "*",
- "destination_port_range": "80",
- "source_address_prefix": "*",
- "destination_address_prefix": "*",
- "access": "Allow",
- "priority": 130,
- "direction": "Inbound"
- },
- {
- "name": "in-5",
- "protocol": "Tcp",
- "source_port_range": "*",
- "destination_port_range": "443",
- "source_address_prefix": "*",
- "destination_address_prefix": "*",
- "access": "Allow",
- "priority": 140,
- "direction": "Inbound"
- },
+ #{
+ # "name": "in-3",
+ # "protocol": "Tcp",
+ # "source_port_range": "*",
+ # "destination_port_range": "3128",
+ # "source_address_prefix": "*",
+ # "destination_address_prefix": "*",
+ # "access": "Allow",
+ # "priority": 120,
+ # "direction": "Inbound"
+ #},
+ #{
+ # "name": "in-4",
+ # "protocol": "Tcp",
+ # "source_port_range": "*",
+ # "destination_port_range": "80",
+ # "source_address_prefix": "*",
+ # "destination_address_prefix": "*",
+ # "access": "Allow",
+ # "priority": 130,
+ # "direction": "Inbound"
+ #},
+ #{
+ # "name": "in-5",
+ # "protocol": "Tcp",
+ # "source_port_range": "*",
+ # "destination_port_range": "443",
+ # "source_address_prefix": "*",
+ # "destination_address_prefix": "*",
+ # "access": "Allow",
+ # "priority": 140,
+ # "direction": "Inbound"
+ #},
{
"name": "out-1",
"protocol": "Tcp",
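Review bot: Rule `in-2` now puts comma-separated strings into `destination_port_range` (`"22, 3128, 80, 443"`) and, through `project_conf['allowed_ip_cidr']`, into `source_address_prefix`. In the Azure network API these singular fields hold one value, and lists go in `destination_port_ranges` / `source_address_prefixes`. The helper that consumes `edge_list_rules` is not visible here, so confirm it splits these strings; otherwise the rule may be rejected or not applied as intended. The commented-out `in-3` to `in-5` entries should be deleted rather than kept as comments, since git history already preserves them. A short comment above `in-2` would also help, for example `# source is "*" when conf_allowed_ip_cidr is 0.0.0.0/0, so SSH and proxy port 3128 are then reachable from any address`. The `edge_list_rules` list begins before and ends after this hunk.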