diff --git a/CHANGELOG.md b/CHANGELOG.md index f3bafbe..dccccf7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,10 @@ - make ingress_self stuff work - fix missing default egress +* v2.2.3 -- 20211026 + - sas + - fix ports, self_port_list + # OLDER ## web diff --git a/common/version.tf b/common/version.tf index 548c682..ed20f74 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "2.2.2" + _module_version = "2.2.3" } diff --git a/sas/README.md b/sas/README.md index 5f237db..9257ccd 100644 --- a/sas/README.md +++ b/sas/README.md @@ -104,10 +104,10 @@ No modules. | [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | | [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | | [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no | -| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list` |
[| no | +| [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list` | `[]` | no | | [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) |
[]
]
list(object({
from = number
to = number
proto = any
description = string
cidr = list(string)
})) | `[]` | no |
| [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
-| [ingress\_self\_port\_list](#input\_ingress\_self\_port\_list) | Ingress port list of 4-tuple: from, to, proto, description | `list` | [| no | +| [ingress\_self\_port\_list](#input\_ingress\_self\_port\_list) | Ingress port list of 4-tuple: from, to, proto, description | `list` | `[]` | no | | [ingress\_self\_port\_map](#input\_ingress\_self\_port\_map) | Ingress self access port list of objects: from, to, proto, description |
[]
]
list(object({
from = number
to = number
proto = any
description = string
})) | `[]` | no |
| [name](#input\_name) | Security Group Name | `string` | `""` | no |
| [short\_description](#input\_short\_description) | Security Group Short Description | `string` | `""` | no |
diff --git a/sas/defaults.tf b/sas/defaults.tf
index ab5a4e9..0b55799 100644
--- a/sas/defaults.tf
+++ b/sas/defaults.tf
@@ -1,5 +1,7 @@
locals {
_defaults = {
+ self_port_list = [{ from = 0, to = 0, proto = -1, description = "all" }]
+
name = "m-sas"
description = "Security group for SAS"
short_description = "SAS"
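Review bot: The new `self_port_list` default in `_defaults` is an allow-all self rule (`from = 0, to = 0, proto = -1`), and the line carries no comment saying so or naming what gates it. The README table in this same commit documents `enable_self` as defaulting to `false`, so this entry is presumably applied only when that flag is set, but the consuming code is not in the hunk and that should be confirmed. I would add a comment above the line, e.g. `# default self rule: all protocols, all ports; only used when enable_self = true (confirm)`. `proto` is a bare number here while the port entries in sas/ports.tf use strings such as `"tcp"`; writing `proto = "-1"` would keep the field one type, if the consumer accepts it. The `_defaults` map continues past the end of the hunk.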
diff --git a/sas/ports.tf b/sas/ports.tf
index a554cbf..4565835 100644
--- a/sas/ports.tf
+++ b/sas/ports.tf
@@ -11,26 +11,26 @@ locals {
"all" = ["0.0.0.0/0"]
"census" = ["148.129.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
}
- source_groups = ["all", "external"]
+ # source_groups = ["all", "external"]
ports = [
- [5450, 5460, "tcp", "OLAP Server", local.networks["all"], ["external"]],
- [7080, 7090, "tcp", "Environment Manager HTTP", local.networks["all"], ["external"]],
- [7111, 7111, "tcp", "Dcoument Conversion", local.networks["all"], ["external"]],
- [7443, 7443, "tcp", "Environment Manager HTTPS", local.networks["all"], ["external"]],
- # [7541, 7541, "tcp", "CONNECT Spawner Operator", local.networks["all"], ["external"]],
- # [7551, 7551, "tcp", "CONNECT Server", local.networks["all"], ["external"] ],
- [7540, 7560, "tcp", "CONNECT", local.networks["all"], ["external"]],
- [7980, 7990, "tcp", "Web Server HTTP", local.networks["all"], ["external"]],
- [8343, 8353, "tcp", "Web Server HTTPS", local.networks["all"], ["external"]],
- [8443, 8453, "tcp", "Web Application Server HTTPS", local.networks["all"], ["external"]],
- [8451, 8461, "tcp", "OS Services Scheduler", local.networks["all"], ["external"]],
- [8540, 8640, "tcp", "Metadata", local.networks["all"], ["external"]],
- [8701, 8711, "tcp", "Pooled Workspace", local.networks["all"], ["external"]],
- [8800, 8830, "tcp", "Object Spawner", local.networks["all"], ["external"]],
- [9431, 9441, "tcp", "Web Infra Platform", local.networks["all"], ["external"]],
- [9831, 9841, "tcp", "Data Remediation", local.networks["all"], ["external"]],
- [9831, 9841, "tcp", "Data Remediation", local.networks["all"], ["external"]],
+ [5450, 5460, "tcp", "OLAP Server", local.networks["all"]],
+ [7080, 7090, "tcp", "Environment Manager HTTP", local.networks["all"]],
+ [7111, 7111, "tcp", "Dcoument Conversion", local.networks["all"]],
+ [7443, 7443, "tcp", "Environment Manager HTTPS", local.networks["all"]],
+ # [7541, 7541, "tcp", "CONNECT Spawner Operator", local.networks["all"] ],
+ # [7551, 7551, "tcp", "CONNECT Server", local.networks["all"] ],
+ [7540, 7560, "tcp", "CONNECT", local.networks["all"]],
+ [7980, 7990, "tcp", "Web Server HTTP", local.networks["all"]],
+ [8343, 8353, "tcp", "Web Server HTTPS", local.networks["all"]],
+ [8443, 8453, "tcp", "Web Application Server HTTPS", local.networks["all"]],
+ [8451, 8461, "tcp", "OS Services Scheduler", local.networks["all"]],
+ [8540, 8640, "tcp", "Metadata", local.networks["all"]],
+ [8701, 8711, "tcp", "Pooled Workspace", local.networks["all"]],
+ [8800, 8830, "tcp", "Object Spawner", local.networks["all"]],
+ [9431, 9441, "tcp", "Web Infra Platform", local.networks["all"]],
+ [9831, 9841, "tcp", "Data Remediation", local.networks["all"]],
+ [9831, 9841, "tcp", "Data Remediation", local.networks["all"]],
]
ingress_networks = var.ingress_networks