Added Active Directory security rules

TCP port 53 is now open for internal traffic within the environment (restricted by env's subnet CIDR) Change-Id: I22198b1f84c4ec35c658482b73b14b4ad3aa1f61 Closes-bug: #1259472
2013-12-10 13:38:22 +04:00 · 2013-12-10 13:38:22 +04:00 · aa785d2079
commit aa785d2079
parent 546619c2b4
3 changed files with 19 additions and 0 deletions
--- a/muranorepository/Services/activeDirectory-manifest.yaml
+++ b/muranorepository/Services/activeDirectory-manifest.yaml
@ -21,6 +21,7 @@ heat:
 - NNSecurity.template
 - DefaultSecurity.template
 - WindowsSecurity.template
+- DomainSecurity.template
 scripts:
 - Install-RoleSecondaryDomainController.ps1
 - Install-RolePrimaryDomainController.ps1
--- a/muranorepository/Services/heat_templates/DomainSecurity.template
+++ b/muranorepository/Services/heat_templates/DomainSecurity.template
@ -0,0 +1,17 @@
+{
+    "Resources": {
+        "$MuranoSecurityGroup-{envName}": {
+            "Type": "AWS::EC2::SecurityGroup",
+            "Properties": {
+                "SecurityGroupIngress": [
+                    {
+                        "ToPort": "53",
+                        "IpProtocol": "tcp",
+                        "FromPort": "53",
+                        "CidrIp": "$cidr"
+                    }
+                ]
+            }
+        }
+    }
+}
--- a/muranorepository/Services/workflows/AD.xml
+++ b/muranorepository/Services/workflows/AD.xml
@ -10,6 +10,7 @@
 	<rule match="$.services[?(@.type == 'activeDirectory' and not @.securityTemplates)]">
        <set path="securityTemplates">
            <list>
+                <text>DomainSecurity</text>
                <text>WindowsSecurity</text>
            </list>
        </set>