Merge pull request #162 from base2Services/develop

develop
base2Services · Sep 28, 2021 · aa5b7d0 · aa5b7d0
2 parents 43f7881 + 8febd3c
commit aa5b7d0
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml
@@ -29,5 +29,5 @@ jobs:
         context: .
         file: ./Dockerfile
         push: true
-        tags: ghcr.io/${{ github.repository_owner }}/ciinabox-ecs:${{ github.event.release.tag_name }}
+        tags: ghcr.io/${{ github.repository_owner.lowercase }}/ciinabox-ecs:${{ github.event.release.tag_name }}
         build-args: CIINABOX_ECS_VERSION=${{ github.event.release.tag_name }}
diff --git a/ciinabox-ecs.gemspec b/ciinabox-ecs.gemspec
@@ -3,7 +3,7 @@ require 'date'
 
 Gem::Specification.new do |s|
   s.name = 'ciinabox-ecs'
-  s.version = '0.4.0'
+  s.version = '0.4.1'
   s.version = "#{s.version}.alpha.#{Time.now.getutc.to_i}" if ENV['TRAVIS'] and ENV['TRAVIS_BRANCH'] != 'master'
   s.date = Date.today.to_s
   s.summary = 'Manage ciinabox on Aws Ecs'

diff --git a/templates/vpc.rb b/templates/vpc.rb
@@ -158,6 +158,9 @@
   end
 
   rules = []
+
+  opsAccess = opsAccess || []
+
   opsAccess.each do |ip|
     rules << { IpProtocol: 'tcp', FromPort: '22', ToPort: '22', CidrIp: ip }
     rules << { IpProtocol: 'tcp', FromPort: '80', ToPort: '80', CidrIp: ip }
@@ -178,10 +181,13 @@
     Type 'AWS::EC2::SecurityGroup'
     Property('VpcId', Ref('VPC'))
     Property('GroupDescription', 'Ops External Access')
-    Property('SecurityGroupIngress', rules)
+    Property('SecurityGroupIngress', rules) if rules.any?
   }
 
   rules = []
+
+  devAccess = devAccess || []
+
   devAccess.each do |ip|
     rules << { IpProtocol: 'tcp', FromPort: '22', ToPort: '22', CidrIp: ip }
     rules << { IpProtocol: 'tcp', FromPort: '80', ToPort: '80', CidrIp: ip }
@@ -202,7 +208,7 @@
     Type 'AWS::EC2::SecurityGroup'
     Property('VpcId', Ref('VPC'))
     Property('GroupDescription', 'Dev Team Access')
-    Property('SecurityGroupIngress', rules)
+    Property('SecurityGroupIngress', rules) if rules.any?
   }
 
 
@@ -300,4 +306,4 @@
     Value(Ref('SecurityGroupDev'))
   }
 
-}
+}
diff --git a/templates/vpn.rb b/templates/vpn.rb
@@ -41,18 +41,30 @@
   security_groups << Ref('VpnSecurityGroupOps')
 
   rules = []
+
+  devAccess = devAccess || []
+
   devAccess.each do |ip|
     rules << { IpProtocol: 'tcp', FromPort: '443', ToPort: '443', CidrIp: ip }
     rules << { IpProtocol: 'tcp', FromPort: '9443', ToPort: '9443', CidrIp: ip }
     rules << { IpProtocol: 'tcp', FromPort: '943', ToPort: '943', CidrIp: ip }
     rules << { IpProtocol: 'udp', FromPort: '1194', ToPort: '1194', CidrIp: ip }
   end
 
+  devIpPrefixLists = devIpPrefixLists || []
+
+  devIpPrefixLists.each do |list|
+    rules << { IpProtocol: 'tcp', FromPort: '443', ToPort: '443', SourcePrefixListId: list }
+    rules << { IpProtocol: 'tcp', FromPort: '9443', ToPort: '9443', SourcePrefixListId: list }
+    rules << { IpProtocol: 'tcp', FromPort: '943', ToPort: '943', SourcePrefixListId: list }
+    rules << { IpProtocol: 'udp', FromPort: '1194', ToPort: '1194', SourcePrefixListId: list }
+  end
+
   Resource("VpnSecurityGroupDev") {
     Type 'AWS::EC2::SecurityGroup'
     Property('VpcId', Ref('VPC'))
     Property('GroupDescription', 'Dev Team Access')
-    Property('SecurityGroupIngress', rules)
+    Property('SecurityGroupIngress', rules) if rules.any?
   }
 
   security_groups << Ref('VpnSecurityGroupDev')