From 914b27e32ee5584e15099f3828f9f335929fe165 Mon Sep 17 00:00:00 2001 From: Josh Russett Date: Fri, 16 Feb 2024 23:39:02 +0000 Subject: [PATCH] Add config for comma-delim. dest. in ASGs Adds configuration to the `cloud_controller_ng` job to allow operators to configure CloudController to allow ASGs with comma-delimited destinations. For example, the following ASG definition would be valid: ``` [ { "protocol": "tcp", "destination": "1.2.3.4,10.0.0.0/24,25.0.0.0-26.0.0.0", "ports": "65432", "description": "Valid comma delimited list of destinations" } ] ``` [#186770494](https://www.pivotaltracker.com/story/show/186770494) --- jobs/cloud_controller_ng/spec | 3 +++ jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb | 2 ++ 2 files changed, 5 insertions(+) diff --git a/jobs/cloud_controller_ng/spec b/jobs/cloud_controller_ng/spec index 55d2f11f17..0f9f7901c2 100644 --- a/jobs/cloud_controller_ng/spec +++ b/jobs/cloud_controller_ng/spec @@ -975,6 +975,9 @@ properties: description: "The default running security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API" cc.default_staging_security_groups: description: "The default staging security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API" + cc.security_groups.enable_comma_delimited_destinations: + description: "Flag to enable comma-delimited destinations (e.g. `1.1.1.1,10.0.0.0/24`) within security group definitions. Defaults to `false`." + default: false cc.allowed_cors_domains: description: "List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain" diff --git a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb index 33e0767d32..5c190876ce 100644 --- a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb +++ b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb @@ -433,6 +433,8 @@ log_audit_events: <%= p("cc.log_audit_events") %> security_group_definitions: <%= p("cc.security_group_definitions").to_json %> default_running_security_groups: <%= p("cc.default_running_security_groups").to_json %> default_staging_security_groups: <%= p("cc.default_staging_security_groups").to_json %> +security_groups: + enable_comma_delimited_destinations: <%= p("cc.security_groups.enable_comma_delimited_destinations") %> allowed_cors_domains: <%= p("cc.allowed_cors_domains").to_json %>