From c0d046b64cdc4a4c1bc76b2f485f1cfce9ed4dd4 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 28 May 2021 15:00:54 -0400
Subject: [PATCH] remove hpsa, hpom: INC000002703111
---
 it-windows-base/CHANGELOG.md | 7 +++++-
 it-windows-base/README.md | 48 +++++++++++++++++++-----------------
 it-windows-base/ports.tf | 27 +++++++++++---------
 it-windows-base/version.tf | 2 +-
 4 files changed, 47 insertions(+), 37 deletions(-)
diff --git a/it-windows-base/CHANGELOG.md b/it-windows-base/CHANGELOG.md
index 4315820..e9e2e5e 100644
--- a/it-windows-base/CHANGELOG.md
+++ b/it-windows-base/CHANGELOG.md
@@ -5,6 +5,11 @@
 * add EnCase source 148.129.71.121 to 4445/tcp (ticket INC000002587282)
 * add Riverbed Transaction Agent (formerly appcapture) 172.24.100.107 to 27401/tcp
-# v1.2 -- 20210226
+# v1.2.0 -- 20210226
 * add HPSA and HPOM
 * ticket INC000002652291
+
+# v1.2.1 -- 20210528
+ * remove HPSA and HPOM
+ * ticket INC000002703111
+
diff --git a/it-windows-base/README.md b/it-windows-base/README.md
index 7c2097e..d4b7039 100644
--- a/it-windows-base/README.md
+++ b/it-windows-base/README.md
@@ -2,7 +2,7 @@
 This describes how to use the aws-common-security-groups submodule for it-windows-base.
-Commonly used ports and services are set up here, including ICMP, AD, RDP, NTP, DNS, SNMP,
+Commonly used ports and services are set up here, including ICMP, AD, RDP, NTP, DNS, SNMP,
 monit, munin, iperf, netperf, NetBackup and Opsware.
 ## Usage
@@ -22,46 +22,48 @@ module "it-windows-base" { | Name | Version | |------|---------| -| terraform | >= 0.12 | +| [terraform](#requirement\_terraform) | >= 0.12 | ## Providers | Name | Version | |------|---------| -| aws | n/a | +| [aws](#provider\_aws) | n/a | ## Modules -No Modules. +No modules. ## Resources -| Name | -|------| -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | -| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | +| Name | Type | +|------|------| +| [aws_security_group.this_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.egress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | +| [aws_security_group.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | +| [aws_vpc.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | +| [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| description | Security Group Description | `string` | `"Windows Common Base Security Group"` | no | -| egress\_networks | List of egress networks (all ports) | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| egress\_security\_groups | List of egress security groups (all ports) | `list(string)` | `[]` | no | -| enable\_self | Enable\|Disable self full access | `bool` | `false` | no | -| ingress\_networks | List of ingress networks for external access (not all ports) | `list(string)` |
[
"0.0.0.0/0"
]
| no | -| ingress\_security\_groups | List of ingress security groups for all ports | `list(string)` | `[]` | no | -| name | Security Group Name | `string` | `"it-windows-base"` | no | -| short\_description | Security Group Short Description | `string` | `"Windows"` | no | -| tags | Extra security group tags | `map` |
{
"CostAllocation": "csvd:infrastructure",
"Environment": "csvd-infrastructure"
}
| no | -| use\_vpc\_cidr | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no | -| vpc\_full\_name | VPC Name | `string` | `""` | no | -| vpc\_id | VPC ID Number | `string` | n/a | yes | +| [description](#input\_description) | Security Group Description | `string` | `"Windows Common Base Security Group"` | no | +| [egress\_networks](#input\_egress\_networks) | List of egress networks (all ports) | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no | +| [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no | +| [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for external access (not all ports) | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no | +| [name](#input\_name) | Security Group Name | `string` | `"it-windows-base"` | no | +| [short\_description](#input\_short\_description) | Security Group Short Description | `string` | `"Windows"` | no | +| [tags](#input\_tags) | Extra security group tags | `map` |
{
"CostAllocation": "csvd:infrastructure",
"Environment": "csvd-infrastructure"
}
| no |
+| [use\_vpc\_cidr](#input\_use\_vpc\_cidr) | Enable\|Disable use of VPC CIDR block in the ingress\_networks | `bool` | `false` | no |
+| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC Name | `string` | `""` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID Number | `string` | n/a | yes |
 ## Outputs
 | Name | Description |
 |------|-------------|
-| this\_security\_group\_arn | Created security group ARN |
-| this\_security\_group\_id | Created security group ID |
+| [this\_security\_group\_arn](#output\_this\_security\_group\_arn) | Created security group ARN |
+| [this\_security\_group\_id](#output\_this\_security\_group\_id) | Created security group ID |
diff --git a/it-windows-base/ports.tf b/it-windows-base/ports.tf
index 6b9aee2..ba25b3c 100644
--- a/it-windows-base/ports.tf
+++ b/it-windows-base/ports.tf
@@ -17,15 +17,15 @@
 ## this adds iperf3
 locals {
- n_all = ["0.0.0.0/0"]
- n_census = ["148.129.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
- n_mgmt = ["148.129.162.0/24", "148.129.95.0/24"]
- n_backup = ["10.193.0.0/22"]
- n_ansible = ["172.24.12.239/32"]
- n_encase = ["148.129.121.72/32"]
- n_riverbed = ["172.24.100.107/32"]
- n_hpsa = ["172.24.100.141/32", "172.24.100.154/32", "172.24.100.165/32"]
- n_hpom = ["172.24.105.24/32"]
+ n_all = ["0.0.0.0/0"]
+ n_census = ["148.129.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
+ n_mgmt = ["148.129.162.0/24", "148.129.95.0/24"]
+ n_backup = ["10.193.0.0/22"]
+ n_ansible = ["172.24.12.239/32"]
+ n_encase = ["148.129.121.72/32"]
+ n_riverbed = ["172.24.100.107/32"]
+ # n_hpsa = ["172.24.100.141/32", "172.24.100.154/32", "172.24.100.165/32"]
+ # n_hpom = ["172.24.105.24/32"]
 source_groups = ["all", "external"]
 name = var.name
 ports = [
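Review bot: The HPSA and HPOM source lists are commented out rather than deleted (`# n_hpsa = [...]`, `# n_hpom = [...]`), and the same is done to the three port entries in the hunk at -38. Commented-out rules keep internal management host addresses in the module and are one uncomment away from reopening 1002/tcp and 383/tcp+udp, with nothing in the file saying whether that is intended. Delete the five lines outright; the v1.2.1 CHANGELOG entry and the git history already record what was removed and under which ticket. The `locals` block continues past the end of this hunk.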
@@ -38,9 +38,9 @@ locals {
 [4445, 4445, "tcp", "EnCase", local.n_encase, ["external"]],
 [5986, 5986, "tcp", "WinRM-https", local.n_ansible, ["external"]],
 [27401, 27401, "tcp", "TransactionAgent", local.n_riverbed, ["external"]],
- [1002, 1002, "tcp", "HPSA", local.n_hpsa, ["external"]],
- [383, 383, "tcp", "HPOM", local.n_hpom, ["external"]],
- [383, 383, "udp", "HPOM", local.n_hpom, ["external"]],
+ # [1002, 1002, "tcp", "HPSA", local.n_hpsa, ["external"]],
+ # [383, 383, "tcp", "HPOM", local.n_hpom, ["external"]],
+ # [383, 383, "udp", "HPOM", local.n_hpom, ["external"]],
 ]
 # these are ignored
@@ -57,3 +57,6 @@ locals {
 s => [for p in local.p_map : p if contains(p["source_group"], s)]
 }
 }
+
+# INC000002703111
+# remove 383, 1002
diff --git a/it-windows-base/version.tf b/it-windows-base/version.tf
index 1ee6619..54b3493 100644
--- a/it-windows-base/version.tf
+++ b/it-windows-base/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.2.0"
+ _module_version = "1.2.1"
 }
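Review bot: The EnCase rule kept as context at the top of the -38 hunk, `[4445, 4445, "tcp", "EnCase", local.n_encase, ["external"]]`, takes its source from `n_encase`, which the locals hunk re-emits as `148.129.121.72/32`, while the CHANGELOG context in this same patch records the EnCase source as 148.129.71.121. The two values look like a transposition of each other, so one of them is presumably wrong; if it is the Terraform value, 4445/tcp is open to an unintended host and closed to the real one. Since this commit rewrites the `n_encase` line anyway, confirm the address against ticket INC000002587282 and correct whichever file is wrong.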