Posted to commits@dlab.apache.org by lf...@apache.org on 2020/09/29 09:39:06 UTC

[incubator-dlab] 02/02: [DLAB-1911]: changed edge security groups creation on azure

This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a commit to branch DLAB-1911
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git

commit d57a716afe4d35c6c9d76ec928c59217acf62db2
Author: leonidfrolov <fr...@gmail.com>
AuthorDate: Tue Sep 29 12:38:46 2020 +0300

    [DLAB-1911]: changed edge security groups creation on azure
---
 .../src/general/scripts/azure/project_prepare.py   | 78 ++++++++++++----------
 1 file changed, 43 insertions(+), 35 deletions(-)

diff --git a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
index e2d481d..6280b24 100644
--- a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
@@ -176,6 +176,14 @@ if __name__ == "__main__":
     try:
         logging.info('[CREATE SECURITY GROUP FOR EDGE NODE]')
         print('[CREATE SECURITY GROUP FOR EDGE]')
+        if os.environ['conf_allowed_ip_cidr'] != '0.0.0.0/0' and project_conf['endpoint_name'] == 'local':
+            ssn_public_ip = AzureMeta.get_instance_public_ip_address(project_conf['resource_group_name'], '{}-ssn'.format(project_conf['service_base_name']))
+            project_conf['allowed_ip_cidr'] = "{}, {}/32".format(project_conf['allowed_ip_cidr'], ssn_public_ip)
+        elif os.environ['conf_allowed_ip_cidr'] != '0.0.0.0/0' and project_conf['endpoint_name'] != 'local':
+            endpoint_public_ip = AzureMeta.get_instance_public_ip_address(project_conf['resource_group_name'] , '{}-{}-endpoint'.format(project_conf['service_base_name'], project_conf['endpoint_name']))
+            project_conf['allowed_ip_cidr'] = "{}, {}/32".format(project_conf['allowed_ip_cidr'], endpoint_public_ip)
+        else:
+            project_conf['allowed_ip_cidr'] = "*"
         edge_list_rules = [
             {
                 "name": "in-1",
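Review bot: The address returned by `AzureMeta.get_instance_public_ip_address(...)` is formatted straight into `project_conf['allowed_ip_cidr']` without a check, so if the lookup returns nothing the rule source would presumably become `<cidr>, None/32`. A guard such as `if not ssn_public_ip: raise Exception('SSN public IP not found')` before the format call, and the same for `endpoint_public_ip`, would make the step fail closed. The branches test `os.environ['conf_allowed_ip_cidr']` but extend `project_conf['allowed_ip_cidr']`, which is only safe if both always hold the same value; that assignment is not visible in this hunk. The `else` branch widens the source to `*` and deserves a comment such as `# conf_allowed_ip_cidr is 0.0.0.0/0: edge ports stay open to any source`. The enclosing `try` block starts and ends outside the hunk.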
@@ -192,46 +200,46 @@ if __name__ == "__main__":
                 "name": "in-2",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "22",
-                "source_address_prefix": "*",
+                "destination_port_range": "22, 3128, 80, 443",
+                "source_address_prefix": project_conf['allowed_ip_cidr'],
                 "destination_address_prefix": "*",
                 "access": "Allow",
                 "priority": 110,
                 "direction": "Inbound"
             },
-            {
-                "name": "in-3",
-                "protocol": "Tcp",
-                "source_port_range": "*",
-                "destination_port_range": "3128",
-                "source_address_prefix": "*",
-                "destination_address_prefix": "*",
-                "access": "Allow",
-                "priority": 120,
-                "direction": "Inbound"
-            },
-            {
-                "name": "in-4",
-                "protocol": "Tcp",
-                "source_port_range": "*",
-                "destination_port_range": "80",
-                "source_address_prefix": "*",
-                "destination_address_prefix": "*",
-                "access": "Allow",
-                "priority": 130,
-                "direction": "Inbound"
-            },
-            {
-                "name": "in-5",
-                "protocol": "Tcp",
-                "source_port_range": "*",
-                "destination_port_range": "443",
-                "source_address_prefix": "*",
-                "destination_address_prefix": "*",
-                "access": "Allow",
-                "priority": 140,
-                "direction": "Inbound"
-            },
+            #{
+            #    "name": "in-3",
+            #    "protocol": "Tcp",
+            #    "source_port_range": "*",
+            #    "destination_port_range": "3128",
+            #    "source_address_prefix": "*",
+            #    "destination_address_prefix": "*",
+            #   "access": "Allow",
+            #    "priority": 120,
+            #    "direction": "Inbound"
+            #},
+            #{
+            #    "name": "in-4",
+            #    "protocol": "Tcp",
+            #    "source_port_range": "*",
+            #    "destination_port_range": "80",
+            #    "source_address_prefix": "*",
+            #    "destination_address_prefix": "*",
+            #    "access": "Allow",
+            #    "priority": 130,
+            #    "direction": "Inbound"
+            #},
+            #{
+            #    "name": "in-5",
+            #    "protocol": "Tcp",
+            #    "source_port_range": "*",
+            #    "destination_port_range": "443",
+            #    "source_address_prefix": "*",
+            #    "destination_address_prefix": "*",
+            #    "access": "Allow",
+            #    "priority": 140,
+            #    "direction": "Inbound"
+            #},
             {
                 "name": "out-1",
                 "protocol": "Tcp",
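Review bot: Rule `in-2` now puts comma-separated lists into the singular fields `destination_port_range` and `source_address_prefix`. An Azure NSG security rule takes a single value there and uses the plural `destination_port_ranges` / `source_address_prefixes` for several, so unless the helper that consumes `edge_list_rules` (not visible here) splits these strings, the rule may be rejected or may not match as intended. After deployment it is worth confirming that the created rule really limits 22, 3128, 80 and 443 to the allowed CIDRs. The commented-out `in-3` to `in-5` dictionaries should be deleted rather than kept: version control already holds them, and they still carry `"source_address_prefix": "*"`, which invites re-enabling the unrestricted rules. The `edge_list_rules` list continues past the end of this hunk.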

