Fixed security groups for AdvNetworking support

Requires change I87c694cfa7725e32956062b63529c3bda5804ba7 to work properly

Change-Id: I16e9fcf5b95d9f77c26e80680975be701d2be271
This commit is contained in:
ativelkov
2013-12-06 17:23:37 +04:00
parent db676b09ad
commit 546619c2b4
32 changed files with 292 additions and 226 deletions


@@ -14,11 +14,13 @@ heat:
- RouterInterface.template
- Windows.template
- Network.template
- NNSecurity.template
- Param.template
- Subnet.template
- InstancePortWSubnet.template
- InstancePort.template
- NNSecurity.template
- DefaultSecurity.template
- WindowsSecurity.template
scripts:
- Install-RoleSecondaryDomainController.ps1
- Install-RolePrimaryDomainController.ps1
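Review bot: `NNSecurity.template` appears twice in this heat list, once above `Param.template` and again directly before the added `DefaultSecurity.template`. If the first occurrence is the removed side of a move, the page rendering has simply dropped its marker; if both entries survive on the new side, the manifest now lists the same template twice and the duplicate should be deleted. Worth checking against the raw diff.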


@@ -27,7 +27,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- WindowsSecurity.template
- WebServerSecurity.template
agent:
- SetPassword.template


@@ -28,6 +28,9 @@ heat:
- RouterInterface.template
- Subnet.template
- LoadBalancer.template
- DefaultSecurity.template
- WindowsSecurity.template
- WebServerSecurity.template
agent:
- SetPassword.template


@@ -11,8 +11,11 @@ heat:
- Subnet.template
- InstancePortWSubnet.template
- InstancePort.template
- DefaultSecurity.template
- LinuxSecurity.template
- DemoSecurity.template
scripts: []
service_display_name: Demo Service
service_display_name: Demo Service
service_version: ''
ui:
- Demo.yaml


@@ -0,0 +1,18 @@
{
"Resources": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "-1",
"IpProtocol": "icmp",
"FromPort": "-1",
"CidrIp": "$cidr"
}
],
"GroupDescription": "$Composite security group for Murano Environment {envName}"
}
}
}
}
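Review bot: The logical resource id `$MuranoSecurityGroup-{envName}` embeds a user-chosen environment name; if environment names may contain spaces or punctuation the generated Heat resource name can be rejected by the stack update, and two names differing only in such characters could collapse onto one id, so the `envName` mapping should be sanitized or an environment id used instead. The same key is reused by every per-service security template in this commit, which only works if `update-cf-stack` merges the `SecurityGroupIngress` lists of same-named resources rather than replacing the resource — presumably what the required change I87c694cfa7725e32956062b63529c3bda5804ba7 provides, but worth confirming, because otherwise the last template applied wins and this `GroupDescription` and ICMP rule are lost. Since JSON has no comments, the contract could be recorded in the description itself, e.g. `"GroupDescription": "$Composite security group for Murano Environment {envName}; ingress rules are merged from per-service security templates"`.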


@@ -1,14 +1,6 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"KeyName": {
"Description": "Key Pair name for Load Balancer",
"Type": "String",
"Default": "murano-lb-key"
}
},
"Resources": {
"$instanceName": {
"Type": "AWS::EC2::Instance",
@@ -18,36 +10,6 @@
"AvailabilityZone": "$availabilityZone",
"UserData": "$userData"
}
},
"MuranoDefaultSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "3389",
"IpProtocol": "tcp",
"FromPort": "3389",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "22",
"IpProtocol": "tcp",
"FromPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "-1",
"IpProtocol": "icmp",
"FromPort": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"GroupDescription": "Default security group for Murano Environments"
}
}
},
"Outputs": {
}
}
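Review bot: The `KeyName` parameter is removed from `Parameters`, but the `$instanceName` instance resource whose body lies between the two hunks is not shown; if it still carries `{"Ref": "KeyName"}` the template will no longer validate once the parameter is gone. Please confirm that reference was dropped as well, or keep the parameter. The instance definition starts inside the first hunk and continues outside it.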


@@ -0,0 +1,17 @@
{
"Resources": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "-1",
"IpProtocol": "icmp",
"FromPort": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
}
}
}
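Review bot: This template hard-codes `"CidrIp": "0.0.0.0/0"` even though the networking workflow in this commit passes a `cidr` mapping to every custom security template, and the new SSH (22), telnet (23) and RDP (3389) templates do the same. The `DefaultSecurity` and `SQL-security` templates in the same commit use `$cidr`, so the per-network loop that re-applies each template with each subnet's CIDR has no effect on these four and their ports end up reachable from any address in every environment. Where the intent is access only from within the environment's networks, change the line to `"CidrIp": "$cidr"`; where world access is deliberate (operator SSH/RDP, for instance), say so in the manifest or workflow so it is not mistaken for an oversight.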


@@ -14,7 +14,7 @@
"Properties": {
"security_groups": [
{
"Ref": "MuranoDefaultSecurityGroup"
"Ref": "$MuranoSecurityGroup-{envName}"
}
],
"network_id": {


@@ -14,7 +14,7 @@
"Properties": {
"security_groups": [
{
"Ref": "MuranoDefaultSecurityGroup"
"Ref": "$MuranoSecurityGroup-{envName}"
}
],
"network_id": {


@@ -19,44 +19,6 @@
"AvailabilityZone": "$availabilityZone",
"UserData": "$userData"
}
},
"MuranoDefaultSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "22",
"IpProtocol": "tcp",
"FromPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "23",
"IpProtocol": "tcp",
"FromPort": "23",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "-1",
"IpProtocol": "icmp",
"FromPort": "-1",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort" : "1",
"ToPort": "65535",
"CidrIp": "10.0.0.0/24"
},
{
"IpProtocol": "udp",
"FromPort" : "1",
"ToPort": "65535",
"CidrIp": "10.0.0.0/24"
}
],
"GroupDescription": "Default security group for Linux Murano Environments"
}
}
},


@@ -0,0 +1,17 @@
{
"Resources": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "22",
"IpProtocol": "tcp",
"FromPort": "22",
"CidrIp": "0.0.0.0/0"
}
]
}
}
}
}


@@ -4,10 +4,10 @@
"Properties": {
"SecurityGroups": [
{
"Ref": "MuranoDefaultSecurityGroup"
"Ref": "$MuranoSecurityGroup-{envName}"
}
]
}
}
}
}
}


@@ -1,11 +1,6 @@
{
"Resources": {
"$instancePort": {
"Properties": {
"SecurityGroups" : [ {"Ref" : "MsSqlSecurityGroup"} ]
}
},
"MsSqlSecurityGroup": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
@@ -13,28 +8,21 @@
"ToPort": "4022",
"IpProtocol": "tcp",
"FromPort": "4022",
"CidrIp": "0.0.0.0/0"
"CidrIp": "$cidr"
},
{
"ToPort": "135",
"IpProtocol": "tcp",
"FromPort": "135",
"CidrIp": "0.0.0.0/0"
"CidrIp": "$cidr"
},
{
"ToPort": "1433",
"IpProtocol": "tcp",
"FromPort": "1433",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "1434",
"IpProtocol": "tcp",
"FromPort": "1434",
"CidrIp": "0.0.0.0/0"
}
],
"GroupDescription": "Enable MS SQL access"
]
}
}
}
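Review bot: Only the 4022 and 135 rules are narrowed to `$cidr`; the 1433 rule further down the same `SecurityGroupIngress` list keeps `"CidrIp": "0.0.0.0/0"`, so the SQL Server listener itself stays reachable from any address while the mirroring and RPC ports are restricted to the environment subnet. If the restriction is meant to cover SQL access as a whole, change that line to `"CidrIp": "$cidr"` as well; if 1433 is deliberately public, record that decision in the manifest or workflow, since it is the main database endpoint. Dropping the 1434 rule is consistent with the rest of the commit, which references the browser port nowhere else.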


@@ -6,45 +6,8 @@
{
"ip_address": "$clusterIp"
}
],
"SecurityGroups": [
{
"Ref": "MsSqlSecurityGroup"
}
]
}
},
"MsSqlSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "4022",
"IpProtocol": "tcp",
"FromPort": "4022",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "135",
"IpProtocol": "tcp",
"FromPort": "135",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "1433",
"IpProtocol": "tcp",
"FromPort": "1433",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "1434",
"IpProtocol": "tcp",
"FromPort": "1434",
"CidrIp": "0.0.0.0/0"
}
],
"GroupDescription": "Enable MS SQL access"
}
}
}
}


@@ -0,0 +1,17 @@
{
"Resources": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "23",
"IpProtocol": "tcp",
"FromPort": "23",
"CidrIp": "0.0.0.0/0"
}
]
}
}
}
}


@@ -1,11 +1,6 @@
{
"Resources": {
"$port-{instanceName}": {
"Properties": {
"security_groups" : [ {"Ref" : "ApacheSecurityGroup"} ]
}
},
"ApacheSecurityGroup": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
@@ -21,8 +16,7 @@
"FromPort": "433",
"CidrIp": "0.0.0.0/0"
}
],
"GroupDescription": "Enable access to HTTP and HTTPS protocols"
]
}
}
}
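Review bot: The second ingress rule, whose tail is visible as context in this hunk, has `"FromPort": "433"`, which is almost certainly meant to be `443` given that the `GroupDescription` this hunk removes described the group as HTTP and HTTPS access; the matching `ToPort` lies above the hunk and presumably carries the same value. Since the commit rewrites this group anyway, correcting both lines to `"443"` here avoids shipping a rule that opens an unrelated port while leaving HTTPS blocked. The rule definition starts outside the hunk.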


@@ -1,7 +1,6 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {},
"Resources": {
"$instanceName": {
@@ -12,32 +11,6 @@
"AvailabilityZone": "$availabilityZone",
"UserData": "$userData"
}
},
"MuranoDefaultSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "3389",
"IpProtocol": "tcp",
"FromPort": "3389",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "22",
"IpProtocol": "tcp",
"FromPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"ToPort": "-1",
"IpProtocol": "icmp",
"FromPort": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"GroupDescription": "Default security group for Murano Environments"
}
}
},


@@ -0,0 +1,17 @@
{
"Resources": {
"$MuranoSecurityGroup-{envName}": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"ToPort": "3389",
"IpProtocol": "tcp",
"FromPort": "3389",
"CidrIp": "0.0.0.0/0"
}
]
}
}
}
}


@@ -19,7 +19,7 @@ workflows:
heat:
- Linux.template
- ApacheSecurity.template
- WebServerSecurity.template
- InstancePort.template
- InstancePortWSubnet.template
- Network.template
@@ -27,6 +27,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- WebServerSecurity.template
- LinuxSecurity.template
agent:
- DeployApache.template


@@ -26,6 +26,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- LinuxSecurity.template
- TelnetSecurity.template
agent:
- DeployTelnet.template


@@ -28,6 +28,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- WindowsSecurity.template
- SQL-security.template
agent:
@@ -51,4 +54,4 @@ scripts:
- OptionParser.ps1
- SQLServer/SQLServerOptionParsers.ps1
- SQLServer/SQLServerInstaller.ps1
- Export-Function.ps1
- Export-Function.ps1


@@ -28,6 +28,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- WindowsSecurity.template
- SQL-security.template
agent:


@@ -27,6 +27,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- WindowsSecurity.template
- WebServerSecurity.template
agent:
- SetPassword.template


@@ -27,7 +27,9 @@ heat:
- Param.template
- RouterInterface.template
- Subnet.template
- DefaultSecurity.template
- WindowsSecurity.template
- WebServerSecurity.template
agent:
- SetPassword.template


@@ -7,6 +7,14 @@
<mute/>
</rule>
<rule match="$.services[?(@.type == 'activeDirectory' and not @.securityTemplates)]">
<set path="securityTemplates">
<list>
<text>WindowsSecurity</text>
</list>
</set>
</rule>
<rule match="$[?(@.networking.state.ready_for_cf)].services[?(@.type == 'activeDirectory' and @.osImage.name)].units[?(@.state.hostname and not @.temp.instanceName)]"
desc="Units of AD services which have got hostname and image assigned, but instances not deployed yet">
<report entity="unit">


@@ -1,5 +1,15 @@
<workflow>
<!-- Provisioning rules -->
<rule match="$.services[?(@.type == 'linuxApacheService' and not @.securityTemplates)]">
<set path="securityTemplates">
<list>
<text>WebServerSecurity</text>
<text>LinuxSecurity</text>
</list>
</set>
</rule>
<rule match="$[?(@.networking.state.ready_for_cf)].services[?(@.type == 'linuxApacheService')].units[?(@.state.hostname and not @.temp.instanceName)]"
desc="Units of Linux Telnet service having hostname and image names assigned but without instances">
<report entity="unit">
@@ -77,34 +87,6 @@
Configuring security groups on <select path="state.hostname"/> (<select path="name"/>)
</parameter>
</report>
<update-cf-stack template="ApacheSecurity" error="exception">
<parameter name="mappings">
<map>
<mapping name="portName">port-<select path="state.hostname"/></mapping>
</map>
</parameter>
<success>
<report entity="unit">
<parameter name="id">
<select path="id"/>
</parameter>
<parameter name="text">
Security groups configuration on instance <select path="state.hostname"/> (<select path="name"/>) is successful
</parameter>
</report>
</success>
<failure>
<report entity="unit" level="error">
<parameter name="id">
<select path="id"/>
</parameter>
<parameter name="text">
Unable to configure security groups on instance <select path="state.hostname"/> (<select path="name"/>) due to <format-error error="exception"/>
</parameter>
</report>
<stop/>
</failure>
</update-cf-stack>
</rule>
<!-- Agent rules -->
<rule match="$.services[?(@.type == 'linuxApacheService')].units[?(@.temp.instanceName and not @.state.ApacheInstalled)]"
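Review bot: The `desc` of the provisioning rule that now follows the new `securityTemplates` rule reads "Units of Linux Telnet service …" although the rule matches `linuxApacheService`. It is a context line, but this hunk is the natural place to correct it to `desc="Units of Linux Apache service having hostname and image names assigned but without instances"` so the reports generated from it are not attributed to the wrong service.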


@@ -1,5 +1,16 @@
<workflow>
<rule match="$[?(@.networking.state.ready_for_cf)].services[?(@.type == 'demoService')].units[?(@.state.hostname and not @.temp.instanceName)]"
<rule match="$.services[?(@.type == 'demoService')]">
<set path="securityTemplates">
<list>
<text>DemoSecurity</text>
<text>LinuxSecurity</text>
</list>
</set>
</rule>
<rule match="$[?(@.networking.state.ready_for_cf)].services[?(@.type == 'demoService')].units[?(@.state.hostname and not @.temp.instanceName)]"
desc="Units of demo service having hostname and image names assigned but without instances">
<report entity="unit">
<parameter name="id"><select path="id"/></parameter>
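Review bot: The new `securityTemplates` rule for `demoService` matches `$.services[?(@.type == 'demoService')]` without the `and not @.securityTemplates` guard that every other service workflow in this commit uses, so it overwrites any list the service already carries on every pass through the workflow. Change the match to `$.services[?(@.type == 'demoService' and not @.securityTemplates)]` so a caller-supplied list is honoured and the set runs only once.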


@@ -1,5 +1,12 @@
<workflow>
<rule match="$.services[?(@.type == 'linuxTelnetService' and not @.securityTemplates)]">
<set path="securityTemplates">
<list>
<text>TelnetSecurity</text>
<text>LinuxSecurity</text>
</list>
</set>
</rule>
<rule match="$[?(@.networking.state.ready_for_cf)].services[?(@.type == 'linuxTelnetService')].units[?(@.state.hostname and not @.temp.instanceName)]"
desc="Units of Linux Telnet service having hostname and image names assigned but without instances">
<report entity="unit">


@@ -1,4 +1,11 @@
<workflow>
<rule match="$.services[?(@.type == 'msSqlClusterServer' and not @.securityTemplates)]">
<set path="securityTemplates">
<list>
<text>SQL-security</text>
</list>
</set>
</rule>
<rule match="$.services[?(@.type == 'msSqlClusterServer' and @.domain)].units[*]"
desc="Units of SQL Server Cluster services which are part of the domain">
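Review bot: The `securityTemplates` list for `msSqlClusterServer` contains only `SQL-security`, and the `msSqlServer` workflow in this commit does the same, while the manifests that ship `SQL-security.template` also add `WindowsSecurity.template`, and the activeDirectory and webServer workflows include `WindowsSecurity` in their lists. If RDP access to SQL hosts is expected, add `<text>WindowsSecurity</text>` to both lists; if it is not, drop `WindowsSecurity.template` from those manifests so that the templates shipped match the rules applied. This is inferred from the manifest hunks, whose file names are not shown on this page.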


@@ -1,4 +1,13 @@
<workflow>
<rule match="$.services[?(@.type == 'msSqlServer' and not @.securityTemplates)]">
<set path="securityTemplates">
<list>
<text>SQL-security</text>
</list>
</set>
</rule>
<rule match="$.services[?(@.type == 'msSqlServer' and @.domain)].units[*]"
desc="Units of SQL Server services which are part of the domain">
<set path="domain">
@@ -51,26 +60,6 @@
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">Opening SQL ports on <select path="state.hostname"/> (<select path="name"/>)</parameter>
</report>
<update-cf-stack template="SQL-security" error="exception">
<parameter name="mappings">
<map>
<mapping name="instancePort">port-<select path="state.hostname"/></mapping>
</map>
</parameter>
<success>
<report entity="unit">
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">SQL ports open on <select path="state.hostname"/> (<select path="name"/>)</parameter>
</report>
</success>
<failure>
<report entity="unit" level="error">
<parameter name="id"><select path="id"/></parameter>
<parameter name="text">Unable to open SQL ports on instance <select path="state.hostname"/> (<select path="name"/>) due to <format-error error="exception"/></parameter>
</report>
<stop/>
</failure>
</update-cf-stack>
</rule>
<rule match="$.services[?(@.type == 'msSqlServer' and @.adminPassword and @.adminPassword != @.state.adminPassword)].units[?(@.temp.instanceName)]"


@@ -39,6 +39,7 @@
<rule match="$[?(@.networking.topology == 'nova' and not @.networking.state.ready_for_cf)]"
desc="Nova topology - skip all neutron actions">
<set path="networking.cidr">0.0.0.0/0</set>
<set path="networking.state.ready_for_cf"><true/></set>
</rule>
@@ -59,7 +60,7 @@
</rule>
<rule match="$[?(@.networking.state.ready_for_cidrs)].networking.networks[?(@.createSubnet and not @.cidr)]"
desc="Need to find cidr for network-to-join">
desc="Need to generate cidr for new subnet in network-to-join">
<get-cidr result="cidr">
<parameter name="routerId"><select path="/networking.routerId"/></parameter>
<success>
@@ -68,6 +69,18 @@
</get-cidr>
</rule>
<rule match="$[?(@.networking.state.ready_for_cidrs)].networking.networks[?(not @.createSubnet and not @.cidr)]"
desc="Need to find cidr in existing subnet in network-to-join">
<get-cidr result="cidr">
<parameter name="existingNetwork"><select path="networkId"/></parameter>
<success>
<set path="cidr"><select source="cidr" path="cidr"/></set>
</success>
</get-cidr>
</rule>
<rule match="$[?(@.networking.state.ready_for_cidrs)]">
<rule match="$[?(@.networking.createNetwork and not @.networking.cidr)]"
desc="No more cidr config required for new networks">
@@ -79,7 +92,7 @@
</rule>
<rule match="$[?(@.networking.state.ready_for_cidrs)]">
<rule match="$.networking.networks[?(@.createSubnet and not @.cidr)]"
<rule match="$.networking.networks[?(not @.cidr)]"
desc="No more cidr config required for joined networks">
<empty>
<set path="networking.state.join_net_cidr_done"><true/></set>
@@ -195,6 +208,7 @@
<parameter name="mappings">
<map>
<mapping name="instanceName"><select path="state.hostname"/></mapping>
<mapping name="envName"><select path="/name"/></mapping>
</map>
</parameter>
</update-cf-stack>
@@ -206,6 +220,7 @@
<update-cf-stack template="InstancePortWSubnet">
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="instanceName"><select path="state.hostname"/></mapping>
<mapping name="instancePort">port-<select path="state.hostname"/></mapping>
<mapping name="network">network</mapping>
@@ -225,6 +240,7 @@
<update-cf-stack template="InstancePortWSubnet">
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="instanceName"><select path="state.hostname"/></mapping>
<mapping name="instancePort">network-port-<select path="state.hostname"/></mapping>
<mapping name="network">network-<select source="network" path="id"/> </mapping>
@@ -244,6 +260,7 @@
<update-cf-stack template="InstancePort">
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="instanceName"><select path="state.hostname"/></mapping>
<mapping name="instancePort">join-<select source="network" path="id"/>-port-<select path="state.hostname"/></mapping>
<mapping name="network">network-<select source="network" path="id"/> </mapping>
@@ -252,5 +269,85 @@
</update-cf-stack>
</rule>
</rule>
<rule match="$[?(@.networking.state.ready_for_cf and not @.temp.defaultSecurityApplied)]"
desc = "Need to apply default security rules">
<update-cf-stack template="DefaultSecurity">
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="cidr"><select path="/networking.cidr"/></mapping>
</map>
</parameter>
<success>
<set path="/temp.defaultSecurityApplied"><true/></set>
<report entity="environment" level="info">
<parameter name="id"><select path="/id"/></parameter>
<parameter name="text">Applied default security template in subnet <select path="/networking.cidr"/></parameter>
</report>
</success>
</update-cf-stack>
<rule match="$.networking.networks[*]">
<update-cf-stack template="DefaultSecurity">
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="cidr"><select path="cidr"/></mapping>
</map>
</parameter>
<success>
<set path="/temp.defaultSecurityApplied"><true/></set>
<report entity="environment" level="info">
<parameter name="id"><select path="/id"/></parameter>
<parameter name="text">Applied default security template in subnet <select path="cidr"/></parameter>
</report>
</success>
</update-cf-stack>
</rule>
</rule>
<rule match="$[?(@.networking.state.ready_for_cf)].services[?(@.securityTemplates and not @.temp.securityApplied)].securityTemplates[*]"
desc="Custom security templates exist">
<set path="#templateName">
<select/>
</set>
<update-cf-stack>
<parameter name="template"><select/></parameter>
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="cidr"><select path="/networking.cidr"/></mapping>
</map>
</parameter>
<success>
<set path="::temp.securityApplied"><true/></set>
<report entity="service" level="info">
<parameter name="id"><select path="::id"/></parameter>
<parameter name="text">Applied security template <select source="templateName"/> for <select path="::name"/> in subnet <select path="/networking.cidr"/></parameter>
</report>
</success>
</update-cf-stack>
<set path="#service">
<select path="::"/>
</set>
<rule match="/$.networking.networks[*]">
<update-cf-stack>
<parameter name="template"><select source="templateName"/></parameter>
<parameter name="mappings">
<map>
<mapping name="envName"><select path="/name"/></mapping>
<mapping name="cidr"><select path="cidr"/></mapping>
</map>
</parameter>
<success>
<report entity="service" level="info">
<parameter name="id"><select path="id" source="service"/></parameter>
<parameter name="text">Applied security template <select source="templateName"/> for <select path="name" source="service"/> in subnet <select path="cidr"/></parameter>
</report>
</success>
</update-cf-stack>
</rule>
</rule>
</rule>
</workflow>
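Review bot: None of the four new `update-cf-stack` calls in this hunk (the two `DefaultSecurity` updates and the two template-driven ones under the `securityTemplates[*]` rule) has a `<failure>` branch, whereas the per-service blocks this commit removes from the linuxApacheService and msSqlServer workflows carried `error="exception"`, an error-level report and `<stop/>`. Unless `update-cf-stack` stops the workflow by itself when no `error` attribute is given (worth confirming), a failed security-group update is now silent and provisioning continues with the environment's ingress rules not in place. A related consequence is that `/temp.defaultSecurityApplied` is set in the first update's `<success>` before the per-network updates run, so a failure inside the per-network loop is never retried. The change below restores the failure handling on the first update; the same branch belongs on the other three, with `entity="service"` and `::id` in the custom-template rule.
```xml
<update-cf-stack template="DefaultSecurity" error="exception">
    <!-- … unchanged: mappings and success … -->
    <failure>
        <report entity="environment" level="error">
            <parameter name="id"><select path="/id"/></parameter>
            <parameter name="text">Unable to apply default security template in subnet <select path="/networking.cidr"/> due to <format-error error="exception"/></parameter>
        </report>
        <stop/>
    </failure>
</update-cf-stack>
<!-- … unchanged: per-network DefaultSecurity rule and custom securityTemplates rule … -->
```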


@@ -1,4 +1,14 @@
<workflow>
<rule match="$.services[?(@.type in ('webServer', 'aspNetApp', 'webServerFarm', 'aspNetAppFarm') and not @.securityTemplates)]">
<set path="securityTemplates">
<list>
<text>WindowsSecurity</text>
<text>WebServerSecurity</text>
</list>
</set>
</rule>
<rule match="$.services[?(@.type in ('webServer', 'aspNetApp', 'webServerFarm', 'aspNetAppFarm') and @.domain)].units[*]"
desc='Units of web services with domain'>
<set path="domain">