v2.2.3: fix sas submodule

CHANGELOG.md

@@ -21,6 +21,10 @@
     - make ingress_self stuff work
     - fix missing default egress
 
+* v2.2.3 -- 20211026
+  - sas
+    - fix ports, self_port_list
+
 # OLDER
 
 ## web

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.2.2"
+  _module_version = "2.2.3"
 }

sas/README.md

@@ -104,10 +104,10 @@ No modules.
 | <a name="input_egress_security_groups"></a> [egress\_security\_groups](#input\_egress\_security\_groups) | List of egress security groups (all ports) | `list(string)` | `[]` | no |
 | <a name="input_enable_self"></a> [enable\_self](#input\_enable\_self) | Enable\|Disable self full access | `bool` | `false` | no |
 | <a name="input_ingress_networks"></a> [ingress\_networks](#input\_ingress\_networks) | List of ingress networks for access (with all pre-defined ingress ports) | `list(string)` | `[]` | no |
-| <a name="input_ingress_port_list"></a> [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list` | <pre>[<br>  []<br>]</pre> | no |
+| <a name="input_ingress_port_list"></a> [ingress\_port\_list](#input\_ingress\_port\_list) | Ingress port list of 5-tuple: from, to, proto, description, and cidr(list) | `list` | `[]` | no |
 | <a name="input_ingress_port_map"></a> [ingress\_port\_map](#input\_ingress\_port\_map) | Ingress port list of objects: from, to, proto, description and cidr(list) | <pre>list(object({<br>    from        = number<br>    to          = number<br>    proto       = any<br>    description = string<br>    cidr        = list(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | List of ingress security groups for all ports | `list(string)` | `[]` | no |
-| <a name="input_ingress_self_port_list"></a> [ingress\_self\_port\_list](#input\_ingress\_self\_port\_list) | Ingress port list of 4-tuple: from, to, proto, description | `list` | <pre>[<br>  []<br>]</pre> | no |
+| <a name="input_ingress_self_port_list"></a> [ingress\_self\_port\_list](#input\_ingress\_self\_port\_list) | Ingress port list of 4-tuple: from, to, proto, description | `list` | `[]` | no |
 | <a name="input_ingress_self_port_map"></a> [ingress\_self\_port\_map](#input\_ingress\_self\_port\_map) | Ingress self access port list of objects: from, to, proto, description | <pre>list(object({<br>    from        = number<br>    to          = number<br>    proto       = any<br>    description = string<br>  }))</pre> | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Security Group Name | `string` | `""` | no |
 | <a name="input_short_description"></a> [short\_description](#input\_short\_description) | Security Group Short Description | `string` | `""` | no |

sas/defaults.tf

@@ -1,5 +1,7 @@
 locals {
   _defaults = {
+    self_port_list = [{ from = 0, to = 0, proto = -1, description = "all" }]
+
     name              = "m-sas"
     description       = "Security group for SAS"
     short_description = "SAS"

sas/ports.tf

@@ -11,26 +11,26 @@ locals {
     "all"    = ["0.0.0.0/0"]
     "census" = ["148.129.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
   }
-  source_groups = ["all", "external"]
+  #  source_groups = ["all", "external"]
 
   ports = [
-    [5450, 5460, "tcp", "OLAP Server", local.networks["all"], ["external"]],
-    [7080, 7090, "tcp", "Environment Manager HTTP", local.networks["all"], ["external"]],
-    [7111, 7111, "tcp", "Dcoument Conversion", local.networks["all"], ["external"]],
-    [7443, 7443, "tcp", "Environment Manager HTTPS", local.networks["all"], ["external"]],
-    #    [7541, 7541, "tcp", "CONNECT Spawner Operator", local.networks["all"], ["external"]],
-    #    [7551, 7551, "tcp", "CONNECT Server", local.networks["all"], ["external"] ],
-    [7540, 7560, "tcp", "CONNECT", local.networks["all"], ["external"]],
-    [7980, 7990, "tcp", "Web Server HTTP", local.networks["all"], ["external"]],
-    [8343, 8353, "tcp", "Web Server HTTPS", local.networks["all"], ["external"]],
-    [8443, 8453, "tcp", "Web Application Server HTTPS", local.networks["all"], ["external"]],
-    [8451, 8461, "tcp", "OS Services Scheduler", local.networks["all"], ["external"]],
-    [8540, 8640, "tcp", "Metadata", local.networks["all"], ["external"]],
-    [8701, 8711, "tcp", "Pooled Workspace", local.networks["all"], ["external"]],
-    [8800, 8830, "tcp", "Object Spawner", local.networks["all"], ["external"]],
-    [9431, 9441, "tcp", "Web Infra Platform", local.networks["all"], ["external"]],
-    [9831, 9841, "tcp", "Data Remediation", local.networks["all"], ["external"]],
-    [9831, 9841, "tcp", "Data Remediation", local.networks["all"], ["external"]],
+    [5450, 5460, "tcp", "OLAP Server", local.networks["all"]],
+    [7080, 7090, "tcp", "Environment Manager HTTP", local.networks["all"]],
+    [7111, 7111, "tcp", "Dcoument Conversion", local.networks["all"]],
+    [7443, 7443, "tcp", "Environment Manager HTTPS", local.networks["all"]],
+    #    [7541, 7541, "tcp", "CONNECT Spawner Operator", local.networks["all"] ],
+    #    [7551, 7551, "tcp", "CONNECT Server", local.networks["all"] ],
+    [7540, 7560, "tcp", "CONNECT", local.networks["all"]],
+    [7980, 7990, "tcp", "Web Server HTTP", local.networks["all"]],
+    [8343, 8353, "tcp", "Web Server HTTPS", local.networks["all"]],
+    [8443, 8453, "tcp", "Web Application Server HTTPS", local.networks["all"]],
+    [8451, 8461, "tcp", "OS Services Scheduler", local.networks["all"]],
+    [8540, 8640, "tcp", "Metadata", local.networks["all"]],
+    [8701, 8711, "tcp", "Pooled Workspace", local.networks["all"]],
+    [8800, 8830, "tcp", "Object Spawner", local.networks["all"]],
+    [9431, 9441, "tcp", "Web Infra Platform", local.networks["all"]],
+    [9831, 9841, "tcp", "Data Remediation", local.networks["all"]],
+    [9831, 9841, "tcp", "Data Remediation", local.networks["all"]],
   ]
 
   ingress_networks = var.ingress_networks