@drunk-pulumi/azure 1.0.49 → 1.0.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/VNet/FirewallPolicies/AksFirewallPolicy.d.ts +1 -1
- package/VNet/FirewallPolicies/CFTunnelFirewallPolicy.js +5 -2
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.d.ts +2 -1
- package/VNet/FirewallPolicies/CloudPCFirewallPolicy.js +12 -2
- package/VNet/FirewallPolicies/UbuntuFirewallPolicy.d.ts +9 -0
- package/VNet/FirewallPolicies/UbuntuFirewallPolicy.js +76 -0
- package/VNet/FirewallPolicies/index.d.ts +5 -4
- package/VNet/FirewallPolicies/index.js +4 -2
- package/package.json +3 -3
|
@@ -11,7 +11,7 @@ interface AzureFirewallPolicyProps {
|
|
|
11
11
|
name: string;
|
|
12
12
|
allowHttp?: boolean;
|
|
13
13
|
publicIpAddresses: Input<string>[];
|
|
14
|
-
/** Default value is '*' and it will
|
|
14
|
+
/** Default value is '*' and it will allow all incoming requests */
|
|
15
15
|
sourceIpAddress?: Input<string>;
|
|
16
16
|
internalIpAddress: Input<string>;
|
|
17
17
|
}
|
|
@@ -55,8 +55,11 @@ exports.default = ({ name = 'cf-tunnel', priority, cloudflareSubnetSpaces, inter
|
|
|
55
55
|
'*.cftunnel.com',
|
|
56
56
|
'*.cloudflareaccess.com',
|
|
57
57
|
'*.cloudflareresearch.com',
|
|
58
|
-
'github.com',
|
|
59
58
|
'docker.io',
|
|
59
|
+
'github.com',
|
|
60
|
+
'*.githubassets.com',
|
|
61
|
+
'*.githubusercontent.com',
|
|
62
|
+
'*.googleapis.com',
|
|
60
63
|
],
|
|
61
64
|
protocols: [
|
|
62
65
|
{ protocolType: 'Https', port: 443 },
|
|
@@ -69,4 +72,4 @@ exports.default = ({ name = 'cf-tunnel', priority, cloudflareSubnetSpaces, inter
|
|
|
69
72
|
action: 'Allow',
|
|
70
73
|
});
|
|
71
74
|
};
|
|
72
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
75
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ0ZUdW5uZWxGaXJld2FsbFBvbGljeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9WTmV0L0ZpcmV3YWxsUG9saWNpZXMvQ0ZUdW5uZWxGaXJld2FsbFBvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQU1BLHNEQUF3RDtBQVV4RCxrQkFBZSxDQUFDLEVBQ2QsSUFBSSxHQUFHLFdBQVcsRUFDbEIsUUFBUSxFQUNSLHNCQUFzQixFQUN0QixvQkFBb0IsRUFDcEIsYUFBYSxHQUFHLENBQUMsS0FBSyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsTUFBTSxDQUFDLEdBQ3JDLEVBQXVDLEVBQUU7SUFDL0MsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLEVBQTBCLENBQUM7SUFDckQsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLEVBQThCLENBQUM7SUFFekQsUUFBUSxDQUFDLElBQUksQ0FBQztRQUNaLFFBQVEsRUFBRSxhQUFhO1FBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksd0JBQXdCO1FBQ3JDLFdBQVcsRUFBRSwyQ0FBMkM7UUFDeEQsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztRQUMzQixlQUFlLEVBQUUsc0JBQXNCO1FBQ3ZDLG9CQUFvQixFQUFFO1lBQ3BCLGdCQUFnQjtZQUNoQixlQUFlO1lBQ2YsZUFBZTtZQUNmLGdCQUFnQjtZQUNoQixlQUFlO1lBQ2YsY0FBYztZQUNkLGdCQUFnQjtZQUNoQixlQUFlO1lBQ2YsZUFBZTtZQUNmLGVBQWU7WUFDZixlQUFlO1lBQ2YsZ0JBQWdCO1lBQ2hCLGVBQWU7WUFDZixnQkFBZ0I7WUFDaEIsZUFBZTtZQUNmLGVBQWU7WUFDZixnQkFBZ0I7WUFDaEIsZUFBZTtZQUNmLGVBQWU7WUFDZixlQUFlO1NBQ2hCO1FBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyxNQUFNLENBQUM7S0FDM0IsQ0FBQyxDQUFDO0lBRUgsSUFBSSxvQkFBb0IsRUFBRSxDQUFDO1FBQ3pCLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsYUFBYTtZQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLHNCQUFzQjtZQUNuQyxXQUFXLEVBQUUsaURBQWlEO1lBQzlELFdBQVcsRUFBRSxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUM7WUFDM0IsZUFBZSxFQUFFLHNCQUFzQjtZQUN2QyxvQkFBb0IsRUFBRSxvQkFBb0I7WUFDMUMsZ0JBQWdCLEVBQUUsYUFBYTtTQUNoQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsUUFBUSxDQUFDLElBQUksQ0FBQztRQUNaLFFBQVEsRUFBRSxpQkFBaUI7UUFDM0IsSUFBSSxFQUFFLEdBQUcsSUFBSSx1QkFBdUI7UUFDcEMsV0FBVyxFQUFFLDJDQUEyQztRQUN4RCxlQUFlLEVBQUUsc0JBQXNCO1FBQ3ZDLFdBQVcsRUFBRTtZQUNYLGtCQUFrQjtZQUNsQixnQkFBZ0I7WUFDaEIsd0JBQXdCO1lBQ3hCLDBCQUEwQjtZQUMxQixXQUFXO1lBQ1gsWUFBWTtZQUNaLG9CQUFvQjtZQUNwQix5QkFBeUI7WUFDekIsa0JBQWtCO1NBQ25CO1FBQ0QsU0FBUyxFQUFFO1lBQ1QsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUU7WUFDcEMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUU7U0FDdEM7S0FDRixDQUFDLENBQUM7SUFFSCxPQUFPLElBQUEsb0NBQW1CLEVBQUM7UUFDekIsTUFBTSxFQUFFLEVBQUUsSUFBSSxFQUFFLEdBQUcsSUFBSSxrQkFBa0IsRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFO1FBQy9ELFFBQVE7UUFDUixNQUFNLEVBQUUsT0FBTztLQUNoQixDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMifQ==
|
|
@@ -13,6 +13,7 @@ interface Props {
|
|
|
13
13
|
allowsSearch?: boolean;
|
|
14
14
|
allowsOffice365?: boolean;
|
|
15
15
|
allowsWindows365?: boolean;
|
|
16
|
+
allowsJetbrains?: boolean;
|
|
16
17
|
}
|
|
17
|
-
declare const _default: ({ name, priority, subnetSpaces, allowsOffice365, allowsWindows365, allowsAzure, allowsAzDevOps, allowsK8sTools, allowsDevTools, allowIpCheckApi, allowsSearch, allowAllOutbound, }: Props) => FirewallPolicyRuleCollectionResults;
|
|
18
|
+
declare const _default: ({ name, priority, subnetSpaces, allowsOffice365, allowsWindows365, allowsAzure, allowsAzDevOps, allowsK8sTools, allowsDevTools, allowIpCheckApi, allowsSearch, allowAllOutbound, allowsJetbrains, }: Props) => FirewallPolicyRuleCollectionResults;
|
|
18
19
|
export default _default;
|
|
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
const Common_1 = require("../../Common");
|
|
4
4
|
const FirewallPolicy_1 = require("../FirewallPolicy");
|
|
5
5
|
//https://www.robtex.com/dns-lookup/global.azure-devices-provisioning.net
|
|
6
|
-
exports.default = ({ name = 'cloud-pc', priority, subnetSpaces, allowsOffice365, allowsWindows365, allowsAzure, allowsAzDevOps, allowsK8sTools, allowsDevTools, allowIpCheckApi, allowsSearch, allowAllOutbound, }) => {
|
|
6
|
+
exports.default = ({ name = 'cloud-pc', priority, subnetSpaces, allowsOffice365, allowsWindows365, allowsAzure, allowsAzDevOps, allowsK8sTools, allowsDevTools, allowIpCheckApi, allowsSearch, allowAllOutbound, allowsJetbrains, }) => {
|
|
7
7
|
const netRules = new Array();
|
|
8
8
|
const appRules = new Array();
|
|
9
9
|
if (allowAllOutbound) {
|
|
@@ -259,6 +259,16 @@ exports.default = ({ name = 'cloud-pc', priority, subnetSpaces, allowsOffice365,
|
|
|
259
259
|
protocols: [{ protocolType: 'Https', port: 443 }],
|
|
260
260
|
});
|
|
261
261
|
}
|
|
262
|
+
if (allowsJetbrains) {
|
|
263
|
+
appRules.push({
|
|
264
|
+
ruleType: 'ApplicationRule',
|
|
265
|
+
name: `${name}-app-allow-jetbrains`,
|
|
266
|
+
description: 'Allows JetBrains',
|
|
267
|
+
sourceAddresses: subnetSpaces,
|
|
268
|
+
targetFqdns: ['jetbrains.com', '*.jetbrains.com', 'maven.org', '*.maven.org'],
|
|
269
|
+
protocols: [{ protocolType: 'Https', port: 443 }],
|
|
270
|
+
});
|
|
271
|
+
}
|
|
262
272
|
if (allowIpCheckApi) {
|
|
263
273
|
appRules.push({
|
|
264
274
|
ruleType: 'ApplicationRule',
|
|
@@ -275,4 +285,4 @@ exports.default = ({ name = 'cloud-pc', priority, subnetSpaces, allowsOffice365,
|
|
|
275
285
|
action: 'Allow',
|
|
276
286
|
});
|
|
277
287
|
};
|
|
278
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
288
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ2xvdWRQQ0ZpcmV3YWxsUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL1ZOZXQvRmlyZXdhbGxQb2xpY2llcy9DbG91ZFBDRmlyZXdhbGxQb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSx5Q0FBZ0U7QUFNaEUsc0RBQXdEO0FBa0J4RCx5RUFBeUU7QUFFekUsa0JBQWUsQ0FBQyxFQUNkLElBQUksR0FBRyxVQUFVLEVBQ2pCLFFBQVEsRUFDUixZQUFZLEVBQ1osZUFBZSxFQUNmLGdCQUFnQixFQUNoQixXQUFXLEVBQ1gsY0FBYyxFQUNkLGNBQWMsRUFDZCxjQUFjLEVBQ2QsZUFBZSxFQUNmLFlBQVksRUFDWixnQkFBZ0IsRUFDaEIsZUFBZSxHQUNULEVBQXVDLEVBQUU7SUFDL0MsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLEVBQTBCLENBQUM7SUFDckQsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLEVBQThCLENBQUM7SUFFekQsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3JCLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsYUFBYTtZQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLHlCQUF5QjtZQUN0QyxXQUFXLEVBQUUsNkJBQTZCO1lBQzFDLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsWUFBWTtZQUM3QixvQkFBb0IsRUFBRSxDQUFDLEdBQUcsQ0FBQztZQUMzQixnQkFBZ0IsRUFBRSxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUM7U0FDaEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELGtCQUFrQjtJQUNsQixRQUFRLENBQUMsSUFBSSxDQUFDO1FBQ1osUUFBUSxFQUFFLGlCQUFpQjtRQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLHFCQUFxQjtRQUNsQyxXQUFXLEVBQUUsd0JBQXdCO1FBQ3JDLGVBQWUsRUFBRSxZQUFZO1FBQzdCLFFBQVEsRUFBRSxDQUFDLGVBQWUsRUFBRSxvQkFBb0IsQ0FBQztRQUNqRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO0tBQ2xELENBQUMsQ0FBQztJQUVILElBQUksV0FBVyxFQUFFLENBQUM7UUFDaEIsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksbUJBQW1CO1lBQ2hDLFdBQVcsRUFBRSxxQ0FBcUM7WUFDbEQsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztZQUMzQixlQUFlLEVBQUUsWUFBWTtZQUM3QixvQkFBb0IsRUFBRTtnQkFDcEIsY0FBYywwQkFBaUIsRUFBRTtnQkFDakMsT0FBTywwQkFBaUIsRUFBRTthQUMzQjtZQUNELGdCQUFnQixFQUFFLHNCQUFhO1NBQ2hDLENBQUMsQ0FBQztRQUVILGtCQUFrQjtRQUNsQiw2QkFBNkI7UUFDN0IsMENBQTBDO1FBQzFDLHdEQUF3RDtRQUN4RCxpQ0FBaUM7UUFDakMsbUNBQW1DO1FBQ25DLDBDQUEwQztRQUMxQyxxQ0FBcUM7UUFDckMsTUFBTTtRQUVOLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksMkJBQTJCO1lBQ3hDLFdBQVcsRUFBRSx3QkFBd0I7WUFDckMsZUFBZSxFQUFFLFlBQVk7WUFDN0IsUUFBUSxFQUFFO2dCQUNSLGFBQWE7Z0JBQ2Isd0JBQXdCO2dCQUN4QixvQ0FBb0M7YUFDckM7WUFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztRQUVILFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksZ0NBQWdDO1lBQzdDLFdBQVcsRUFBRSx3QkFBd0I7WUFDckMsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFO2dCQUNYLGFBQWE7Z0JBQ2IsYUFBYTtnQkFDYix1QkFBdUI7Z0JBQ3ZCLGNBQWM7Z0JBQ2Qsb0JBQW9CO2dCQUNwQixjQUFjO2dCQUNkLGdCQUFnQjtnQkFDaEIsc0JBQXNCO2dCQUN0QixtQkFBbUI7Z0JBQ25CLHFCQUFxQjthQUN0QjtZQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELElBQUksY0FBYyxFQUFFLENBQUM7UUFDbkIsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxhQUFhO1lBQ3ZCLElBQUksRUFBRSxHQUFHLElBQUksd0JBQXdCO1lBQ3JDLFdBQVcsRUFBRSxhQUFhO1lBQzFCLFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsWUFBWTtZQUM3QixvQkFBb0IsRUFBRTtnQkFDcEIsZUFBZTtnQkFDZixlQUFlO2dCQUNmLGdCQUFnQjtnQkFDaEIsZ0JBQWdCO2FBQ2pCO1lBQ0QsZ0JBQWdCLEVBQUUsQ0FBQyxLQUFLLENBQUM7U0FDMUIsQ0FBQyxDQUFDO1FBQ0gsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLEdBQUcsSUFBSSw0QkFBNEI7WUFDekMsV0FBVyxFQUFFLHdCQUF3QjtZQUNyQyxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1lBQ2pELGVBQWUsRUFBRSxZQUFZO1lBQzdCLFdBQVcsRUFBRTtnQkFDWCxjQUFjO2dCQUNkLFlBQVk7Z0JBQ1osY0FBYztnQkFDZCxpQkFBaUI7Z0JBQ2pCLGVBQWU7Z0JBQ2YseUJBQXlCO2dCQUN6Qix3QkFBd0I7Z0JBQ3hCLG1CQUFtQjtnQkFDbkIscUJBQXFCO2dCQUNyQixtQkFBbUI7Z0JBQ25CLG1DQUFtQztnQkFDbkMsb0JBQW9CO2dCQUNwQixlQUFlO2dCQUNmLHlCQUF5QjtnQkFDekIsNEJBQTRCO2dCQUM1QiwwQkFBMEI7Z0JBQzFCLHFCQUFxQjtnQkFDckIsMkJBQTJCO2dCQUMzQixpQkFBaUI7Z0JBQ2pCLGVBQWU7Z0JBQ2Ysa0JBQWtCO2dCQUNsQixxQkFBcUI7Z0JBQ3JCLFVBQVU7Z0JBQ1YsZ0JBQWdCO2dCQUNoQiwyQkFBMkI7Z0JBQzNCLHNCQUFzQjtnQkFDdEIsNkJBQTZCO2dCQUM3QixlQUFlO2dCQUNmLHFCQUFxQjtnQkFDckIsOEJBQThCO2dCQUM5QixrQkFBa0I7Z0JBQ2xCLG9CQUFvQjtnQkFDcEIsZ0NBQWdDO2dCQUNoQyxhQUFhO2dCQUNiLDJCQUEyQjtnQkFDM0IsNEJBQTRCO2dCQUM1Qix5QkFBeUI7YUFDMUI7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxjQUFjLEVBQUUsQ0FBQztRQUNuQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLHFCQUFxQjtZQUNsQyxXQUFXLEVBQUUsaUJBQWlCO1lBQzlCLGVBQWUsRUFBRSxZQUFZO1lBQzdCLFdBQVcsRUFBRTtnQkFDWCxlQUFlO2dCQUNmLFlBQVk7Z0JBQ1osb0JBQW9CO2dCQUNwQix5QkFBeUI7Z0JBQ3pCLGtCQUFrQjtnQkFDbEIsUUFBUTtnQkFDUixrQkFBa0I7YUFDbkI7WUFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLGNBQWMsRUFBRSxDQUFDO1FBQ25CLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksc0JBQXNCO1lBQ25DLFdBQVcsRUFBRSxrQkFBa0I7WUFDL0IsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFO2dCQUNYLFlBQVk7Z0JBQ1osY0FBYztnQkFDZCxjQUFjO2dCQUNkLGFBQWE7Z0JBQ2IsYUFBYTthQUNkO1lBQ0QsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNsRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsSUFBSSxlQUFlLEVBQUUsQ0FBQztRQUNwQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLHNCQUFzQjtZQUNuQyxXQUFXLEVBQUUsa0JBQWtCO1lBQy9CLGVBQWUsRUFBRSxZQUFZO1lBQzdCLFFBQVEsRUFBRSxDQUFDLFdBQVcsRUFBRSxzQkFBc0IsQ0FBQztZQUMvQyxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztJQUNMLENBQUM7SUFDRCxJQUFJLGdCQUFnQixFQUFFLENBQUM7UUFDckIsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLEdBQUcsSUFBSSxtQkFBbUI7WUFDaEMsV0FBVyxFQUFFLG1CQUFtQjtZQUNoQyxlQUFlLEVBQUUsWUFBWTtZQUM3QixRQUFRLEVBQUUsQ0FBQyxZQUFZLEVBQUUsaUJBQWlCLENBQUM7WUFDM0MsU0FBUyxFQUFFLENBQUMsRUFBRSxZQUFZLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNsRCxDQUFDLENBQUM7UUFFSCxRQUFRLENBQUMsSUFBSSxDQUNYO1lBQ0UsUUFBUSxFQUFFLGFBQWE7WUFDdkIsSUFBSSxFQUFFLEdBQUcsSUFBSSwrQkFBK0I7WUFDNUMsV0FBVyxFQUFFLHdDQUF3QztZQUNyRCxXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7WUFDcEIsZUFBZSxFQUFFLFlBQVk7WUFDN0IsK0NBQStDO1lBQy9DLG9CQUFvQixFQUFFO2dCQUNwQixjQUFjO2dCQUNkLGlDQUFpQzthQUNsQztZQUNELGdCQUFnQixFQUFFLENBQUMsTUFBTSxDQUFDO1NBQzNCLEVBQ0Q7WUFDRSxRQUFRLEVBQUUsYUFBYTtZQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLGlDQUFpQztZQUM5QyxXQUFXLEVBQUUsMENBQTBDO1lBQ3ZELFdBQVcsRUFBRSxDQUFDLEtBQUssQ0FBQztZQUNwQixlQUFlLEVBQUUsWUFBWTtZQUM3QixzQkFBc0I7WUFDdEIsNkNBQTZDO1lBQzdDLCtDQUErQztZQUMvQywrQ0FBK0M7WUFDL0MsK0NBQStDO1lBQy9DLCtDQUErQztZQUMvQywrQ0FBK0M7WUFDL0MsaURBQWlEO1lBQ2pELGlEQUFpRDtZQUNqRCxpREFBaUQ7WUFDakQsaURBQWlEO1lBQ2pELGlEQUFpRDtZQUNqRCxLQUFLO1lBQ0wsb0JBQW9CLEVBQUU7Z0JBQ3BCLGVBQWU7Z0JBQ2YsYUFBYTtnQkFDYixnQkFBZ0I7Z0JBQ2hCLGdCQUFnQjtnQkFDaEIsYUFBYTtnQkFDYixZQUFZO2dCQUNaLGNBQWM7Z0JBQ2QsY0FBYztnQkFDZCxjQUFjO2dCQUNkLGNBQWM7YUFDZjtZQUNELGdCQUFnQixFQUFFLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQztTQUNsQyxFQUNEO1lBQ0UsUUFBUSxFQUFFLGFBQWE7WUFDdkIsSUFBSSxFQUFFLEdBQUcsSUFBSSwyQkFBMkI7WUFDeEMsV0FBVyxFQUFFLG9DQUFvQztZQUNqRCxXQUFXLEVBQUUsQ0FBQyxLQUFLLEVBQUUsS0FBSyxDQUFDO1lBQzNCLGVBQWUsRUFBRSxZQUFZO1lBQzdCLG9CQUFvQixFQUFFLENBQUMsZUFBZSxDQUFDO1lBQ3ZDLGdCQUFnQixFQUFFLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQztTQUNsQyxDQUNGLENBQUM7SUFDSixDQUFDO0lBRUQsSUFBSSxZQUFZLEVBQUUsQ0FBQztRQUNqQixRQUFRLENBQUMsSUFBSSxDQUFDO1lBQ1osUUFBUSxFQUFFLGlCQUFpQjtZQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLDJCQUEyQjtZQUN4QyxXQUFXLEVBQUUsdUJBQXVCO1lBQ3BDLGVBQWUsRUFBRSxZQUFZO1lBQzdCLFdBQVcsRUFBRSxDQUFDLFlBQVksRUFBRSxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsY0FBYyxDQUFDO1lBQ3pFLFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELElBQUcsZUFBZSxFQUFDLENBQUM7UUFDbEIsUUFBUSxDQUFDLElBQUksQ0FBQztZQUNaLFFBQVEsRUFBRSxpQkFBaUI7WUFDM0IsSUFBSSxFQUFFLEdBQUcsSUFBSSxzQkFBc0I7WUFDbkMsV0FBVyxFQUFFLGtCQUFrQjtZQUMvQixlQUFlLEVBQUUsWUFBWTtZQUM3QixXQUFXLEVBQUUsQ0FBQyxlQUFlLEVBQUMsaUJBQWlCLEVBQUMsV0FBVyxFQUFDLGFBQWEsQ0FBQztZQUMxRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ2xELENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxJQUFJLGVBQWUsRUFBRSxDQUFDO1FBQ3BCLFFBQVEsQ0FBQyxJQUFJLENBQUM7WUFDWixRQUFRLEVBQUUsaUJBQWlCO1lBQzNCLElBQUksRUFBRSxHQUFHLElBQUksc0JBQXNCO1lBQ25DLFdBQVcsRUFBRSxrQkFBa0I7WUFDL0IsZUFBZSxFQUFFLFlBQVk7WUFDN0IsV0FBVyxFQUFFLENBQUMsZUFBZSxDQUFDO1lBQzlCLFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDbEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU8sSUFBQSxvQ0FBbUIsRUFBQztRQUN6QixNQUFNLEVBQUUsRUFBRSxJQUFJLEVBQUUsR0FBRyxJQUFJLGtCQUFrQixFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUU7UUFDL0QsUUFBUTtRQUNSLE1BQU0sRUFBRSxPQUFPO0tBQ2hCLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQyJ9
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { Input } from '@pulumi/pulumi';
|
|
2
|
+
import { FirewallPolicyRuleCollectionResults } from '../types';
|
|
3
|
+
interface UbuntuFirewallPolicyProps {
|
|
4
|
+
name: string;
|
|
5
|
+
priority: number;
|
|
6
|
+
subnetSpaces: Array<Input<string>>;
|
|
7
|
+
}
|
|
8
|
+
declare const _default: ({ name, priority, subnetSpaces, }: UbuntuFirewallPolicyProps) => FirewallPolicyRuleCollectionResults;
|
|
9
|
+
export default _default;
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const FirewallPolicy_1 = require("../FirewallPolicy");
|
|
4
|
+
exports.default = ({ name, priority, subnetSpaces, }) => {
|
|
5
|
+
const netRules = new Array();
|
|
6
|
+
const appRules = new Array();
|
|
7
|
+
netRules.push({
|
|
8
|
+
ruleType: 'NetworkRule',
|
|
9
|
+
name: `${name}-time`,
|
|
10
|
+
description: 'Required for Network Time Protocol (NTP) time synchronization on Linux nodes.',
|
|
11
|
+
ipProtocols: ['UDP'],
|
|
12
|
+
sourceAddresses: subnetSpaces,
|
|
13
|
+
destinationAddresses: ['ntp.ubuntu.com'],
|
|
14
|
+
destinationPorts: ['123'],
|
|
15
|
+
}, {
|
|
16
|
+
ruleType: 'NetworkRule',
|
|
17
|
+
name: `${name}-allows-commons-dns`,
|
|
18
|
+
description: 'Others DNS.',
|
|
19
|
+
ipProtocols: ['TCP', 'UDP'],
|
|
20
|
+
sourceAddresses: ['*'],
|
|
21
|
+
destinationAddresses: [
|
|
22
|
+
//Azure
|
|
23
|
+
'168.63.129.16',
|
|
24
|
+
//CloudFlare
|
|
25
|
+
'1.1.1.1',
|
|
26
|
+
'1.0.0.1',
|
|
27
|
+
//Google
|
|
28
|
+
'8.8.8.8',
|
|
29
|
+
'8.8.4.4',
|
|
30
|
+
],
|
|
31
|
+
destinationPorts: ['53'],
|
|
32
|
+
});
|
|
33
|
+
//AKS Apps Rules
|
|
34
|
+
appRules.push({
|
|
35
|
+
ruleType: 'ApplicationRule',
|
|
36
|
+
name: `${name}-azure-monitors`,
|
|
37
|
+
description: 'Azure AKS Monitoring',
|
|
38
|
+
sourceAddresses: subnetSpaces,
|
|
39
|
+
targetFqdns: [
|
|
40
|
+
'dc.services.visualstudio.com',
|
|
41
|
+
'*.ods.opinsights.azure.com',
|
|
42
|
+
'*.oms.opinsights.azure.com',
|
|
43
|
+
'*.monitoring.azure.com',
|
|
44
|
+
'*.services.visualstudio.com',
|
|
45
|
+
],
|
|
46
|
+
protocols: [{ protocolType: 'Https', port: 443 }],
|
|
47
|
+
}, {
|
|
48
|
+
ruleType: 'ApplicationRule',
|
|
49
|
+
name: `${name}-azure-policy`,
|
|
50
|
+
description: 'Azure AKS Policy Management',
|
|
51
|
+
sourceAddresses: subnetSpaces,
|
|
52
|
+
targetFqdns: [
|
|
53
|
+
'*.policy.core.windows.net',
|
|
54
|
+
'gov-prod-policy-data.trafficmanager.net',
|
|
55
|
+
'raw.githubusercontent.com',
|
|
56
|
+
'dc.services.visualstudio.com',
|
|
57
|
+
],
|
|
58
|
+
protocols: [{ protocolType: 'Https', port: 443 }],
|
|
59
|
+
}, {
|
|
60
|
+
ruleType: 'ApplicationRule',
|
|
61
|
+
name: `${name}-ubuntu`,
|
|
62
|
+
description: 'Allows Ubuntu Services',
|
|
63
|
+
sourceAddresses: subnetSpaces,
|
|
64
|
+
targetFqdns: ['*.ubuntu.com'],
|
|
65
|
+
protocols: [
|
|
66
|
+
{ protocolType: 'Https', port: 443 },
|
|
67
|
+
{ protocolType: 'Http', port: 80 },
|
|
68
|
+
],
|
|
69
|
+
});
|
|
70
|
+
return (0, FirewallPolicy_1.FirewallPolicyGroup)({
|
|
71
|
+
policy: { name, netRules, appRules },
|
|
72
|
+
priority,
|
|
73
|
+
action: 'Allow',
|
|
74
|
+
});
|
|
75
|
+
};
|
|
76
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVWJ1bnR1RmlyZXdhbGxQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljaWVzL1VidW50dUZpcmV3YWxsUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBUUEsc0RBQXdEO0FBUXhELGtCQUFlLENBQUMsRUFDZCxJQUFJLEVBQ0osUUFBUSxFQUNSLFlBQVksR0FDYyxFQUF1QyxFQUFFO0lBQ25FLE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxFQUEwQixDQUFDO0lBQ3JELE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxFQUE4QixDQUFDO0lBRXpELFFBQVEsQ0FBQyxJQUFJLENBQ1g7UUFDRSxRQUFRLEVBQUUsYUFBYTtRQUN2QixJQUFJLEVBQUUsR0FBRyxJQUFJLE9BQU87UUFDcEIsV0FBVyxFQUNULCtFQUErRTtRQUNqRixXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUM7UUFDcEIsZUFBZSxFQUFFLFlBQVk7UUFDN0Isb0JBQW9CLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQztRQUN4QyxnQkFBZ0IsRUFBRSxDQUFDLEtBQUssQ0FBQztLQUMxQixFQUNEO1FBQ0UsUUFBUSxFQUFFLGFBQWE7UUFDdkIsSUFBSSxFQUFFLEdBQUcsSUFBSSxxQkFBcUI7UUFDbEMsV0FBVyxFQUFFLGFBQWE7UUFDMUIsV0FBVyxFQUFFLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQztRQUMzQixlQUFlLEVBQUUsQ0FBQyxHQUFHLENBQUM7UUFDdEIsb0JBQW9CLEVBQUU7WUFDcEIsT0FBTztZQUNQLGVBQWU7WUFDZixZQUFZO1lBQ1osU0FBUztZQUNULFNBQVM7WUFDVCxRQUFRO1lBQ1IsU0FBUztZQUNULFNBQVM7U0FDVjtRQUNELGdCQUFnQixFQUFFLENBQUMsSUFBSSxDQUFDO0tBQ3pCLENBQ0YsQ0FBQztJQUVGLGdCQUFnQjtJQUNoQixRQUFRLENBQUMsSUFBSSxDQUNYO1FBQ0UsUUFBUSxFQUFFLGlCQUFpQjtRQUMzQixJQUFJLEVBQUUsR0FBRyxJQUFJLGlCQUFpQjtRQUM5QixXQUFXLEVBQUUsc0JBQXNCO1FBQ25DLGVBQWUsRUFBRSxZQUFZO1FBQzdCLFdBQVcsRUFBRTtZQUNYLDhCQUE4QjtZQUM5Qiw0QkFBNEI7WUFDNUIsNEJBQTRCO1lBQzVCLHdCQUF3QjtZQUN4Qiw2QkFBNkI7U0FDOUI7UUFDRCxTQUFTLEVBQUUsQ0FBQyxFQUFFLFlBQVksRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO0tBQ2xELEVBQ0Q7UUFDRSxRQUFRLEVBQUUsaUJBQWlCO1FBQzNCLElBQUksRUFBRSxHQUFHLElBQUksZUFBZTtRQUM1QixXQUFXLEVBQUUsNkJBQTZCO1FBQzFDLGVBQWUsRUFBRSxZQUFZO1FBQzdCLFdBQVcsRUFBRTtZQUNYLDJCQUEyQjtZQUMzQix5Q0FBeUM7WUFDekMsMkJBQTJCO1lBQzNCLDhCQUE4QjtTQUMvQjtRQUNELFNBQVMsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7S0FDbEQsRUFDRDtRQUNFLFFBQVEsRUFBRSxpQkFBaUI7UUFDM0IsSUFBSSxFQUFFLEdBQUcsSUFBSSxTQUFTO1FBQ3RCLFdBQVcsRUFBRSx3QkFBd0I7UUFDckMsZUFBZSxFQUFFLFlBQVk7UUFDN0IsV0FBVyxFQUFFLENBQUMsY0FBYyxDQUFDO1FBQzdCLFNBQVMsRUFBRTtZQUNULEVBQUUsWUFBWSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFO1lBQ3BDLEVBQUUsWUFBWSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFO1NBQ25DO0tBQ0YsQ0FDRixDQUFDO0lBRUYsT0FBTyxJQUFBLG9DQUFtQixFQUFDO1FBQ3pCLE1BQU0sRUFBRSxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsUUFBUSxFQUFFO1FBQ3BDLFFBQVE7UUFDUixNQUFNLEVBQUUsT0FBTztLQUNoQixDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMifQ==
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
export { default as AksFirewallPolicy } from
|
|
2
|
-
export { default as CloudPCFirewallPolicy } from
|
|
3
|
-
export { default as CFTunnelFirewallPolicy } from
|
|
4
|
-
export { default as DefaultFirewallPolicy } from
|
|
1
|
+
export { default as AksFirewallPolicy } from './AksFirewallPolicy';
|
|
2
|
+
export { default as CloudPCFirewallPolicy } from './CloudPCFirewallPolicy';
|
|
3
|
+
export { default as CFTunnelFirewallPolicy } from './CFTunnelFirewallPolicy';
|
|
4
|
+
export { default as DefaultFirewallPolicy } from './DefaultFirewallPolicy';
|
|
5
|
+
export { default as UbuntuFirewallPolicy } from './UbuntuFirewallPolicy';
|
|
@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.DefaultFirewallPolicy = exports.CFTunnelFirewallPolicy = exports.CloudPCFirewallPolicy = exports.AksFirewallPolicy = void 0;
|
|
6
|
+
exports.UbuntuFirewallPolicy = exports.DefaultFirewallPolicy = exports.CFTunnelFirewallPolicy = exports.CloudPCFirewallPolicy = exports.AksFirewallPolicy = void 0;
|
|
7
7
|
var AksFirewallPolicy_1 = require("./AksFirewallPolicy");
|
|
8
8
|
Object.defineProperty(exports, "AksFirewallPolicy", { enumerable: true, get: function () { return __importDefault(AksFirewallPolicy_1).default; } });
|
|
9
9
|
var CloudPCFirewallPolicy_1 = require("./CloudPCFirewallPolicy");
|
|
@@ -12,4 +12,6 @@ var CFTunnelFirewallPolicy_1 = require("./CFTunnelFirewallPolicy");
|
|
|
12
12
|
Object.defineProperty(exports, "CFTunnelFirewallPolicy", { enumerable: true, get: function () { return __importDefault(CFTunnelFirewallPolicy_1).default; } });
|
|
13
13
|
var DefaultFirewallPolicy_1 = require("./DefaultFirewallPolicy");
|
|
14
14
|
Object.defineProperty(exports, "DefaultFirewallPolicy", { enumerable: true, get: function () { return __importDefault(DefaultFirewallPolicy_1).default; } });
|
|
15
|
-
|
|
15
|
+
var UbuntuFirewallPolicy_1 = require("./UbuntuFirewallPolicy");
|
|
16
|
+
Object.defineProperty(exports, "UbuntuFirewallPolicy", { enumerable: true, get: function () { return __importDefault(UbuntuFirewallPolicy_1).default; } });
|
|
17
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvVk5ldC9GaXJld2FsbFBvbGljaWVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLHlEQUFtRTtBQUExRCx1SUFBQSxPQUFPLE9BQXFCO0FBQ3JDLGlFQUEyRTtBQUFsRSwrSUFBQSxPQUFPLE9BQXlCO0FBQ3pDLG1FQUE2RTtBQUFwRSxpSkFBQSxPQUFPLE9BQTBCO0FBQzFDLGlFQUEyRTtBQUFsRSwrSUFBQSxPQUFPLE9BQXlCO0FBQ3pDLCtEQUF5RTtBQUFoRSw2SUFBQSxPQUFPLE9BQXdCIn0=
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@drunk-pulumi/azure",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.50",
|
|
4
4
|
"author": "drunkcoding@outlook.com",
|
|
5
5
|
"description": "The custom helpers pulumi-azure",
|
|
6
6
|
"license": "MIT",
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
},
|
|
19
19
|
"dependencies": {
|
|
20
20
|
"@drunk-pulumi/azure-providers": "^1.0.7",
|
|
21
|
-
"@pulumi/azure-native": "^2.
|
|
22
|
-
"@pulumi/azuread": "6.0.
|
|
21
|
+
"@pulumi/azure-native": "^2.76.0",
|
|
22
|
+
"@pulumi/azuread": "6.0.2",
|
|
23
23
|
"@pulumi/pulumi": "^3.142.0",
|
|
24
24
|
"@pulumi/random": "^4.16.7",
|
|
25
25
|
"@pulumi/tls": "^5.0.9",
|