This is an automated email from the ASF dual-hosted git repository. mykolabodnar pushed a commit to branch DLAB-1363 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit 8eb9afdafe6a9ef86a64ba8bf8322fd7bca38ed9 Author: Mykola_Bodnar1 <bodnarmyk...@gmail.com> AuthorDate: Tue Dec 10 11:25:38 2019 +0200 [DLAB-1363] - SSO implementation, EDGE node egress rules for AWS and Azure fixed --- .../src/general/scripts/aws/project_prepare.py | 7 --- .../src/general/scripts/azure/project_prepare.py | 56 +++++++++------------- 2 files changed, 22 insertions(+), 41 deletions(-) diff --git a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py index 47e0408..a5e8a79 100644 --- a/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py +++ b/infrastructure-provisioning/src/general/scripts/aws/project_prepare.py @@ -99,7 +99,6 @@ if __name__ == "__main__": project_conf['zone'] = os.environ['aws_region'] + os.environ['aws_zone'] project_conf['elastic_ip_name'] = '{0}-{1}-edge-EIP'.format(project_conf['service_base_name'], os.environ['project_name']) - project_conf['keycloak_host'] = ''.join(re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", os.environ['keycloak_auth_server_url'])) + "/32" project_conf['provision_instance_ip'] = None try: project_conf['provision_instance_ip'] = get_instance_ip_address( @@ -369,12 +368,6 @@ if __name__ == "__main__": "FromPort": 389, "IpRanges": [{"CidrIp": project_conf['all_ip_cidr']}], "ToPort": 389, "IpProtocol": "tcp", "UserIdGroupPairs": [] - }, - { - "PrefixListIds": [], - "FromPort": 8080, - "IpRanges": [{"CidrIp": project_conf['keycloak_host']}], - "ToPort": 8080, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ]) params = "--name {} --vpc_id {} --security_group_rules '{}' --infra_tag_name {} --infra_tag_value {} \ diff --git a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py index a182de7..f49e97e 100644 --- a/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py 
+++ b/infrastructure-provisioning/src/general/scripts/azure/project_prepare.py @@ -97,7 +97,6 @@ if __name__ == "__main__": "endpoint_tag": project_conf['endpoint_tag'], os.environ['conf_billing_tag_key']: os.environ['conf_billing_tag_value']} project_conf['primary_disk_size'] = '32' - project_conf['keycloak_host'] = ''.join(re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", os.environ['keycloak_auth_server_url'])) + "/32" # FUSE in case of absence of user's key try: @@ -228,9 +227,9 @@ if __name__ == "__main__": "name": "out-4", "protocol": "Tcp", "source_port_range": "*", - "destination_port_range": "8080", + "destination_port_range": "8787", "source_address_prefix": "*", - "destination_address_prefix": project_conf['keycloak_host'], + "destination_address_prefix": project_conf['private_subnet_cidr'], "access": "Allow", "priority": 130, "direction": "Outbound" @@ -239,7 +238,7 @@ if __name__ == "__main__": "name": "out-5", "protocol": "Tcp", "source_port_range": "*", - "destination_port_range": "8787", + "destination_port_range": "6006", "source_address_prefix": "*", "destination_address_prefix": project_conf['private_subnet_cidr'], "access": "Allow", @@ -250,7 +249,7 @@ if __name__ == "__main__": "name": "out-6", "protocol": "Tcp", "source_port_range": "*", - "destination_port_range": "6006", + "destination_port_range": "20888", "source_address_prefix": "*", "destination_address_prefix": project_conf['private_subnet_cidr'], "access": "Allow", @@ -261,7 +260,7 @@ if __name__ == "__main__": "name": "out-7", "protocol": "Tcp", "source_port_range": "*", - "destination_port_range": "20888", + "destination_port_range": "8088", "source_address_prefix": "*", "destination_address_prefix": project_conf['private_subnet_cidr'], "access": "Allow", 
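Review bot: With the dedicated Keycloak rule removed, nothing in the new `out-4` entry (hunk `@@ -228`) or in the rest of the list records which egress rule the edge node's SSO traffic is now expected to match. The later hunks show Tcp 80 and 443 allowed to `*`, so a Keycloak endpoint on 8080 (the port the removed rule used) would fall through to the final catch-all rule, whose `access` value lies outside the diff. A comment above the rule list, for example `# Keycloak (SSO) is reached over 443 via out-15; no dedicated egress rule is required`, would make the intent reviewable; adjust the port to what the deployment really uses. The AWS script drops its 8080 rule the same way in hunk `@@ -369`.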
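Review bot: The `out-N` names and `priority` values are hand-numbered literals, so dropping one rule forces every hunk from `@@ -239` through `@@ -325` to shift the later entries, and a reviewer has to confirm by eye that each port kept its original destination prefix. Deriving both fields from the position in an ordered list of rule specs, e.g. `"name": "out-{}".format(i)` and `"priority": 90 + 10 * i` (which matches the visible pairs out-4/130 and out-18/270), would turn a rule removal into a one-entry diff. The list starts and ends outside these hunks, so this applies to the surrounding code rather than to the changed lines alone.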
@@ -272,7 +271,7 @@ if __name__ == "__main__":
 "name": "out-8",
 "protocol": "Tcp",
 "source_port_range": "*",
- "destination_port_range": "8088",
+ "destination_port_range": "18080",
 "source_address_prefix": "*",
 "destination_address_prefix": project_conf['private_subnet_cidr'],
 "access": "Allow",
@@ -283,7 +282,7 @@ if __name__ == "__main__":
 "name": "out-9",
 "protocol": "Tcp",
 "source_port_range": "*",
- "destination_port_range": "18080",
+ "destination_port_range": "50070",
 "source_address_prefix": "*",
 "destination_address_prefix": project_conf['private_subnet_cidr'],
 "access": "Allow",
@@ -294,7 +293,7 @@ if __name__ == "__main__":
 "name": "out-10",
 "protocol": "Tcp",
 "source_port_range": "*",
- "destination_port_range": "50070",
+ "destination_port_range": "8085",
 "source_address_prefix": "*",
 "destination_address_prefix": project_conf['private_subnet_cidr'],
 "access": "Allow",
@@ -305,7 +304,7 @@ if __name__ == "__main__":
 "name": "out-11",
 "protocol": "Tcp",
 "source_port_range": "*",
- "destination_port_range": "8085",
+ "destination_port_range": "8081",
 "source_address_prefix": "*",
 "destination_address_prefix": project_conf['private_subnet_cidr'],
 "access": "Allow",
@@ -316,7 +315,7 @@ if __name__ == "__main__":
 "name": "out-12",
 "protocol": "Tcp",
 "source_port_range": "*",
- "destination_port_range": "8081",
+ "destination_port_range": "4040-4140",
 "source_address_prefix": "*",
 "destination_address_prefix": project_conf['private_subnet_cidr'],
 "access": "Allow",
@@ -325,83 +324,72 @@ if __name__ == "__main__":
 },
 {
 "name": "out-13",
- "protocol": "Tcp",
- "source_port_range": "*",
- "destination_port_range": "4040-4140",
- "source_address_prefix": "*",
- "destination_address_prefix": project_conf['private_subnet_cidr'],
- "access": "Allow",
- "priority": 220,
- "direction": "Outbound"
- },
- {
- "name": "out-14",
 "protocol": "Udp",
 "source_port_range": "*",
 "destination_port_range": "53",
 "source_address_prefix": '*',
 "destination_address_prefix": "*",
 "access": "Allow",
- "priority": 230,
+ "priority": 220,
 "direction": "Outbound"
 },
 {
- "name": "out-15",
+ "name": "out-14",
 "protocol": "Tcp",
 "source_port_range": "*",
 "destination_port_range": "80",
 "source_address_prefix": '*',
 "destination_address_prefix": "*",
 "access": "Allow",
- "priority": 240,
+ "priority": 230,
 "direction": "Outbound"
 },
 {
- "name": "out-16",
+ "name": "out-15",
 "protocol": "Tcp",
 "source_port_range": "*",
 "destination_port_range": "443",
 "source_address_prefix": '*',
 "destination_address_prefix": "*",
 "access": "Allow",
- "priority": 250,
+ "priority": 240,
 "direction": "Outbound"
 },
 {
- "name": "out-17",
+ "name": "out-16",
 "protocol": "Tcp",
 "source_port_range": "*",
 "destination_port_range": "389",
 "source_address_prefix": '*',
 "destination_address_prefix": "*",
 "access": "Allow",
- "priority": 260,
+ "priority": 250,
 "direction": "Outbound"
 },
 {
- "name": "out-18",
+ "name": "out-17",
 "protocol": "Tcp",
 "source_port_range": "*",
 "destination_port_range": "8042",
 "source_address_prefix": "*",
 "destination_address_prefix": project_conf['private_subnet_cidr'],
 "access": "Allow",
- "priority": 270,
+ "priority": 260,
 "direction": "Outbound"
 },
 {
- "name": "out-19",
+ "name": "out-18",
 "protocol": "Udp",
 "source_port_range": "*",
 "destination_port_range": "123",
 "source_address_prefix": "*",
 "destination_address_prefix": "*",
 "access": "Allow",
- "priority": 280,
+ "priority": 270,
 "direction": "Outbound"
 },
 {
- "name": "out-20",
+ "name": "out-19",
 "protocol": "*",
 "source_port_range": "*",
 "destination_port_range": "*",
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@dlab.apache.org For additional commands, e-mail: commits-h...@dlab.apache.org
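Review bot: The rule renamed to `out-16` in hunk `@@ -325` still allows Tcp 389 with `"destination_address_prefix": "*"`, so the edge node can open LDAP connections (unencrypted unless StartTLS is negotiated) to any address even after this egress clean-up. Scoping it to the directory server, e.g. `"destination_address_prefix": "<LDAP_SERVER_CIDR>"` (placeholder; the real value would have to come from configuration not shown in the diff), would bring it in line with the private-subnet rules above it. The AWS hunk `@@ -369` keeps the same pattern, port 389 to `project_conf['all_ip_cidr']`, which presumably covers all addresses. The final entry, now `out-19`, matches every protocol and port, and its `access` value is cut off by the hunk, so it is worth confirming that it is a deny.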