#161 Allow the creation of custom (opened) TCP endpoints. #162
Conversation
|
Hi @ddanciu, I'm your friendly neighborhood Azure Pull Request Bot (You can call me AZPRBOT). Thanks for your contribution! TTYL, AZPRBOT; |
templates/arm/deployment.json.erb
Outdated
| <% end %> | ||
| <% end %> |
There was a problem hiding this comment.
Looks like has_tcp_endpoints is only being applied to Linux VMs, or are my eyes playing tricks on me?
There was a problem hiding this comment.
Indeed. Apparently haven't thought it far enough.
Will update it.
There was a problem hiding this comment.
Let me know when you'd like me to review the PR. Thank you for attempting this feature.
There was a problem hiding this comment.
Hi @devigned , Can you please have a look. I would love some feedback.
Thanks,
Dan
|
@ddanciu, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR. |
README.md
Outdated
| @@ -124,6 +124,7 @@ For instructions on how to setup an Azure Active Directory Application see: <htt | |||
| * `vm_image_urn`: (Optional) Name of the virtual machine image urn to use -- defaults to 'canonical:ubuntuserver:16.04-LTS:latest'. See documentation for [*nix](https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-cli-ps-findimage/), [Windows](https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-cli-ps-findimage). | |||
| * `virtual_network_name`: (Optional) Name of the virtual network resource | |||
| * `subnet_name`: (Optional) Name of the virtual network subnet resource | |||
| * `tcp_endpoints`: (Optional) The custom inbound security rules part of network security group (a.k.a. opened tcp endpoints). Allows specifying one or more intervals in the form '8000-9000, 9100-9200'. | |||
There was a problem hiding this comment.
Perhaps, this should be an array of strings. String parsing of the array will be a bit ambiguous where the array syntax only requires the understanding and parsing of the port range strings (start_port-end_port).
tcp_endpoints = ['8000-9000', '9100-9200']| unless tcp_endpoints.nil? || tcp_endpoints.empty? | ||
| endpoints = tcp_endpoints.split(',') | ||
| else | ||
| endpoints = {} |
There was a problem hiding this comment.
endpoints here should be an [] rather than a hash {}.
| "sourceAddressPrefix": "*", | ||
| "destinationAddressPrefix": "*", | ||
| "access": "Allow", | ||
| "priority": <%= 133 + index %>, |
There was a problem hiding this comment.
Per the docs for network security group rule priority (https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg#Nsg-rules) rule priority must be between Number between 100 and 4096. I think this is an edge case, but might warrant an error if the user has endpoints.length * 133 > 4096.
|
@devigned, any other feedback is appreciated. Thanks, |
|
LGTM! Thank you for the contribution. |
This enables the setup of custom opened ports.
At the moment it allows only one interval.
In the future it should support multiple port intervals (comma separated).