Posted to commits@dlab.apache.org by my...@apache.org on 2019/12/10 09:26:04 UTC

[incubator-dlab] branch DLAB-1363 created (now 8eb9afd)

This is an automated email from the ASF dual-hosted git repository.

mykolabodnar pushed a change to branch DLAB-1363
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git.


      at 8eb9afd  [DLAB-1363] - SSO implementation, EDGE node egress rules for AWS and Azure fixed

This branch includes the following new commits:

     new 8eb9afd  [DLAB-1363] - SSO implementation, EDGE node egress rules for AWS and Azure fixed

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[incubator-dlab] 01/01: [DLAB-1363] - SSO implementation, EDGE node egress rules for AWS and Azure fixed

Posted by my...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

mykolabodnar pushed a commit to branch DLAB-1363
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git

commit 8eb9afdafe6a9ef86a64ba8bf8322fd7bca38ed9
Author: Mykola_Bodnar1 <bo...@gmail.com>
AuthorDate: Tue Dec 10 11:25:38 2019 +0200

    [DLAB-1363] - SSO implementation, EDGE node egress rules for AWS and Azure fixed
---
 .../src/general/scripts/aws/project_prepare.py     |  7 ---
 .../src/general/scripts/azure/project_prepare.py   | 56 +++++++++-------------
 2 files changed, 22 insertions(+), 41 deletions(-)

diff --git a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
index 47e0408..a5e8a79 100644
--- a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py
@@ -99,7 +99,6 @@ if __name__ == "__main__":
     project_conf['zone'] = os.environ['aws_region'] + os.environ['aws_zone']
     project_conf['elastic_ip_name'] = '{0}-{1}-edge-EIP'.format(project_conf['service_base_name'],
                                                              os.environ['project_name'])
-    project_conf['keycloak_host'] = ''.join(re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", os.environ['keycloak_auth_server_url'])) + "/32"
     project_conf['provision_instance_ip'] = None
     try:
         project_conf['provision_instance_ip'] = get_instance_ip_address(
@@ -369,12 +368,6 @@ if __name__ == "__main__":
                 "FromPort": 389,
                 "IpRanges": [{"CidrIp": project_conf['all_ip_cidr']}],
                 "ToPort": 389, "IpProtocol": "tcp", "UserIdGroupPairs": []
-            },
-            {
-                "PrefixListIds": [],
-                "FromPort": 8080,
-                "IpRanges": [{"CidrIp": project_conf['keycloak_host']}],
-                "ToPort": 8080, "IpProtocol": "tcp", "UserIdGroupPairs": []
             }
         ])
         params = "--name {} --vpc_id {} --security_group_rules '{}' --infra_tag_name {} --infra_tag_value {} \
diff --git a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
index a182de7..f49e97e 100644
--- a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
+++ b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py
@@ -97,7 +97,6 @@ if __name__ == "__main__":
                                                 "endpoint_tag": project_conf['endpoint_tag'],
                                                 os.environ['conf_billing_tag_key']: os.environ['conf_billing_tag_value']}
         project_conf['primary_disk_size'] = '32'
-        project_conf['keycloak_host'] = ''.join(re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", os.environ['keycloak_auth_server_url'])) + "/32"
 
         # FUSE in case of absence of user's key
         try:
@@ -228,9 +227,9 @@ if __name__ == "__main__":
                 "name": "out-4",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "8080",
+                "destination_port_range": "8787",
                 "source_address_prefix": "*",
-                "destination_address_prefix": project_conf['keycloak_host'],
+                "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
                 "priority": 130,
                 "direction": "Outbound"
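Review bot: Dropping the Keycloak rule is expressed here by moving every later port one slot up, so `out-4` now carries 8787, and the same shift repeats in the hunks for `out-5` through `out-12` and in the renames and priority changes of `out-13` through `out-19`. A rule name therefore no longer identifies the same traffic before and after this commit, which makes the egress policy harder to audit and makes the next removal just as noisy. Building the private-subnet rules from one ordered list of ports, with name and priority derived from the position, would turn a removal into a one-line change. The sketch below uses constructed local names and assumes the 10-step priority spacing visible at `out-4` (130) and `out-13` (220) also holds for the rules in between; the enclosing rule list starts and ends outside the hunk.

```python
# … unchanged: out-1 to out-3 …
# Ports the edge node may reach inside the private subnet, in priority order.
private_subnet_ports = ["8787", "6006", "20888", "8088", "18080",
                        "50070", "8085", "8081", "4040-4140"]
private_subnet_rules = [
    {
        "name": "out-{}".format(index),
        "protocol": "Tcp",
        "source_port_range": "*",
        "destination_port_range": port,
        "source_address_prefix": "*",
        "destination_address_prefix": project_conf['private_subnet_cidr'],
        "access": "Allow",
        "priority": 90 + 10 * index,  # out-4 -> 130 ... out-12 -> 210
        "direction": "Outbound"
    }
    for index, port in enumerate(private_subnet_ports, start=4)
]
# … unchanged: DNS/HTTP/HTTPS/LDAP/NTP rules and the final catch-all rule …
```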
@@ -239,7 +238,7 @@ if __name__ == "__main__":
                 "name": "out-5",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "8787",
+                "destination_port_range": "6006",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -250,7 +249,7 @@ if __name__ == "__main__":
                 "name": "out-6",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "6006",
+                "destination_port_range": "20888",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -261,7 +260,7 @@ if __name__ == "__main__":
                 "name": "out-7",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "20888",
+                "destination_port_range": "8088",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -272,7 +271,7 @@ if __name__ == "__main__":
                 "name": "out-8",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "8088",
+                "destination_port_range": "18080",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -283,7 +282,7 @@ if __name__ == "__main__":
                 "name": "out-9",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "18080",
+                "destination_port_range": "50070",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -294,7 +293,7 @@ if __name__ == "__main__":
                 "name": "out-10",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "50070",
+                "destination_port_range": "8085",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -305,7 +304,7 @@ if __name__ == "__main__":
                 "name": "out-11",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "8085",
+                "destination_port_range": "8081",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -316,7 +315,7 @@ if __name__ == "__main__":
                 "name": "out-12",
                 "protocol": "Tcp",
                 "source_port_range": "*",
-                "destination_port_range": "8081",
+                "destination_port_range": "4040-4140",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
@@ -325,83 +324,72 @@ if __name__ == "__main__":
             },
             {
                 "name": "out-13",
-                "protocol": "Tcp",
-                "source_port_range": "*",
-                "destination_port_range": "4040-4140",
-                "source_address_prefix": "*",
-                "destination_address_prefix": project_conf['private_subnet_cidr'],
-                "access": "Allow",
-                "priority": 220,
-                "direction": "Outbound"
-            },
-            {
-                "name": "out-14",
                 "protocol": "Udp",
                 "source_port_range": "*",
                 "destination_port_range": "53",
                 "source_address_prefix": '*',
                 "destination_address_prefix": "*",
                 "access": "Allow",
-                "priority": 230,
+                "priority": 220,
                 "direction": "Outbound"
             },
             {
-                "name": "out-15",
+                "name": "out-14",
                 "protocol": "Tcp",
                 "source_port_range": "*",
                 "destination_port_range": "80",
                 "source_address_prefix": '*',
                 "destination_address_prefix": "*",
                 "access": "Allow",
-                "priority": 240,
+                "priority": 230,
                 "direction": "Outbound"
             },
             {
-                "name": "out-16",
+                "name": "out-15",
                 "protocol": "Tcp",
                 "source_port_range": "*",
                 "destination_port_range": "443",
                 "source_address_prefix": '*',
                 "destination_address_prefix": "*",
                 "access": "Allow",
-                "priority": 250,
+                "priority": 240,
                 "direction": "Outbound"
             },
             {
-                "name": "out-17",
+                "name": "out-16",
                 "protocol": "Tcp",
                 "source_port_range": "*",
                 "destination_port_range": "389",
                 "source_address_prefix": '*',
                 "destination_address_prefix": "*",
                 "access": "Allow",
-                "priority": 260,
+                "priority": 250,
                 "direction": "Outbound"
             },
             {
-                "name": "out-18",
+                "name": "out-17",
                 "protocol": "Tcp",
                 "source_port_range": "*",
                 "destination_port_range": "8042",
                 "source_address_prefix": "*",
                 "destination_address_prefix": project_conf['private_subnet_cidr'],
                 "access": "Allow",
-                "priority": 270,
+                "priority": 260,
                 "direction": "Outbound"
             },
             {
-                "name": "out-19",
+                "name": "out-18",
                 "protocol": "Udp",
                 "source_port_range": "*",
                 "destination_port_range": "123",
                 "source_address_prefix": "*",
                 "destination_address_prefix": "*",
                 "access": "Allow",
-                "priority": 280,
+                "priority": 270,
                 "direction": "Outbound"
             },
             {
-                "name": "out-20",
+                "name": "out-19",
                 "protocol": "*",
                 "source_port_range": "*",
                 "destination_port_range": "*",
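Review bot: The renumbered rules `out-14`, `out-15` and `out-16` still allow Tcp 80, 443 and 389 to `"destination_address_prefix": "*"`, and 389 in particular lets LDAP traffic, which is cleartext unless StartTLS is negotiated, leave the edge node for any address. If the directory server's address is known at provisioning time, `out-16` should be scoped to it, e.g. `"destination_address_prefix": "<LDAP_SERVER_CIDR>",` (a placeholder; the real configuration key is not visible in this diff). With the dedicated 8080 rule gone, a comment above `out-14`/`out-15` such as `# Keycloak is reached over 80/443, so no dedicated egress rule is needed` would record why the removal is safe, if that is indeed the reason; this is inferred from the commit title only. The `out-19` rule with protocol and port `*` continues past the end of the hunk, so its access and destination cannot be checked from here.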

