Feature for updating SecurityGroup rule #482
Comments
@inno-cloudbarista @dev4unet @innodreamer
|
@powerkimhub @seokho-son |
|
@jihoon-seo Please see the comment above. |
[Mock Driver]
|
@seokho-son @jihoon-seo ( @inno-cloudbarista @dev4unet @innodreamer ) [REST API for AddRules/RemoveRules added]
[REST API notes]
[Reference: how to use Mock + REST API]
Mock Driver and Connection setup
Setup env.
Create a SG with 1 rule
Add 2 rules => 3 rules
Remove 2 rules => 1 rule
Get SG => 1 rule
Delete the SG
|
@powerkimhub The first round of SecurityGroup improvements for NCP VPC Cloud is complete.
|
@jihoon-seo @seokho-son (@inno-cloudbarista @dev4unet @innodreamer)
|
@inno-cloudbarista @dev4unet @innodreamer (@jihoon-seo @seokho-son)
|
----------- Test: All Closed
----------- Test: All Opened
|
|
@powerkimhub The first round of SecurityGroup improvements for NHN Cloud is complete.
(Note) Regarding the improvements above, the following characteristics were observed when using the APIs provided by NCP VPC and NHN Cloud.
|
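@powerkimhub Regarding AddRules()/RemoveRules() for S/G, I think it would be good to decide how to handle the situations below and make the behavior as consistent as possible across the drivers. [ Decision needed 1 ]
[ Decision needed 2 ]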
|
@inno-cloudbarista @dev4unet @innodreamer
|
@inno-cloudbarista @dev4unet @innodreamer Inbound test tool developed and AWS verification test completed
[aws-01.inbound-case-01.sh-Test:2022.04.24-16:30:34]
[aws-02.inbound-case-02.sh-Test:2022.04.24-16:30:56]
[aws-03.inbound-case-03.sh-Test:2022.04.24-16:31:10]
[aws-04.inbound-case-04.sh-Test:2022.04.24-16:31:33]
[aws-05.inbound-case-05.sh-Test:2022.04.24-16:31:53]
[aws-06.inbound-case-06.sh-Test:2022.04.24-16:32:17]
[aws-10.inbound-case-10.sh-Test:2022.04.24-16:32:39]
[aws-11.inbound-case-11.sh-Test:2022.04.24-16:32:52]
[aws-20.inbound-case-20.sh-Test:2022.04.24-16:33:16]
[aws-21.inbound-case-21.sh-Test:2022.04.24-16:33:39]
|
@inno-cloudbarista @dev4unet @innodreamer
[AWS Test Results: all pass][aws-01.inbound-case-01.sh-Test:2022.04.25-06:20:34]
[aws-02.inbound-case-02.sh-Test:2022.04.25-06:20:57]
[aws-03.inbound-case-03.sh-Test:2022.04.25-06:21:10]
[aws-04.inbound-case-04.sh-Test:2022.04.25-06:21:33]
[aws-05.inbound-case-05.sh-Test:2022.04.25-06:21:54]
[aws-06.inbound-case-06.sh-Test:2022.04.25-06:22:17]
[aws-10.inbound-case-10.sh-Test:2022.04.25-06:22:40]
[aws-11.inbound-case-11.sh-Test:2022.04.25-06:22:53]
[aws-20.inbound-case-20.sh-Test:2022.04.25-06:23:17]
[aws-21.inbound-case-21.sh-Test:2022.04.25-06:23:41]
[Azure Test Results: rule application issue exists][azure-01.inbound-case-01.sh-Test:2022.04.25-07:33:38]
[azure-02.inbound-case-02.sh-Test:2022.04.25-07:34:12]
[azure-03.inbound-case-03.sh-Test:2022.04.25-07:34:23]
[azure-04.inbound-case-04.sh-Test:2022.04.25-07:34:53]
[azure-05.inbound-case-05.sh-Test:2022.04.25-07:35:22]
[azure-06.inbound-case-06.sh-Test:2022.04.25-07:36:03]
[azure-10.inbound-case-10.sh-Test:2022.04.25-07:36:45]
[azure-11.inbound-case-11.sh-Test:2022.04.25-07:37:03]
[azure-20.inbound-case-20.sh-Test:2022.04.25-07:37:48]
[azure-21.inbound-case-21.sh-Test:2022.04.25-07:38:33]
|
[Cloudit]
[cloudit-01.inbound-case-01.sh-Test:2022.04.26-14:34:20]
[cloudit-02.inbound-case-02.sh-Test:2022.04.26-14:34:43]
[cloudit-03.inbound-case-03.sh-Test:2022.04.26-14:34:48]
[cloudit-04.inbound-case-04.sh-Test:2022.04.26-14:35:09]
[cloudit-05.inbound-case-05.sh-Test:2022.04.26-14:35:30]
[cloudit-06.inbound-case-06.sh-Test:2022.04.26-14:35:53]
[cloudit-10.inbound-case-10.sh-Test:2022.04.26-14:36:17]
[cloudit-11.inbound-case-11.sh-Test:2022.04.26-14:36:22]
[cloudit-20.inbound-case-20.sh-Test:2022.04.26-14:36:28]
[cloudit-21.inbound-case-21.sh-Test:2022.04.26-14:36:35]
[Openstack]
[openstack-01.inbound-case-01.sh-Test:2022.04.26-09:26:33]
[openstack-02.inbound-case-02.sh-Test:2022.04.26-09:27:00]
[openstack-03.inbound-case-03.sh-Test:2022.04.26-09:27:08]
[openstack-04.inbound-case-04.sh-Test:2022.04.26-09:27:39]
[openstack-05.inbound-case-05.sh-Test:2022.04.26-09:28:07]
[openstack-06.inbound-case-06.sh-Test:2022.04.26-09:28:35]
[openstack-10.inbound-case-10.sh-Test:2022.04.26-09:29:03]
[openstack-11.inbound-case-11.sh-Test:2022.04.26-09:29:12]
[openstack-20.inbound-case-20.sh-Test:2022.04.26-09:29:49]
[openstack-21.inbound-case-21.sh-Test:2022.04.26-09:30:21]
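[Ibm-VPC] A Connection for Ibm-vpc cannot be created in admin-web. It seems to be a problem caused by IBM and IBM-VPC being used interchangeably. Manual testing will likely need a bit more time. [Azure] Regarding the test results, I tested manually with a simple VM and client communication environment. Modifying and deleting rules works normally, but it appears that time is needed for a rule to take effect after it is modified. I confirmed that the changed rule is applied after a certain amount of time. |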
[tencent-01.inbound-case-01.sh-Test:2022.04.26-16:46:59]
[tencent-02.inbound-case-02.sh-Test:2022.04.26-16:47:41]
[tencent-03.inbound-case-03.sh-Test:2022.04.26-16:47:50]
[tencent-04.inbound-case-04.sh-Test:2022.04.26-16:48:25]
[tencent-05.inbound-case-05.sh-Test:2022.04.26-16:49:11]
[tencent-06.inbound-case-06.sh-Test:2022.04.26-16:49:47]
[tencent-10.inbound-case-10.sh-Test:2022.04.26-16:50:23]
[tencent-11.inbound-case-11.sh-Test:2022.04.26-16:50:32]
[tencent-20.inbound-case-20.sh-Test:2022.04.26-16:51:13]
[tencent-21.inbound-case-21.sh-Test:2022.04.26-16:51:54]
|
[Cloudit] [OpenStack]
|
[IBMVPC]
[Example of using the connection setup script]
|
[Azure]
|
[Test Script]
[Tencent]
|
[gcp-01.inbound-case-01.sh-Test:2022.04.27-13:53:32]
[gcp-02.inbound-case-02.sh-Test:2022.04.27-13:55:53]
[gcp-03.inbound-case-03.sh-Test:2022.04.27-13:56:37]
[gcp-04.inbound-case-04.sh-Test:2022.04.27-13:57:07]
[gcp-05.inbound-case-05.sh-Test:2022.04.27-13:57:33]
[gcp-06.inbound-case-06.sh-Test:2022.04.27-13:58:00]
[gcp-10.inbound-case-10.sh-Test:2022.04.27-13:58:28]
[gcp-11.inbound-case-11.sh-Test:2022.04.27-13:58:54]
[gcp-20.inbound-case-20.sh-Test:2022.04.27-13:59:38]
[gcp-21.inbound-case-21.sh-Test:2022.04.27-14:01:13]
|
[Azure] Sharing the outbound test results. / With #630 merged [azure-01.outbound-case-01.sh-Test:2022.05.10-14:42:25]
[azure-02.outbound-case-02.sh-Test:2022.05.10-14:44:51]
[azure-03.outbound-case-03.sh-Test:2022.05.10-14:47:20]
[azure-04.outbound-case-04.sh-Test:2022.05.10-14:49:46]
[azure-05.outbound-case-05.sh-Test:2022.05.10-14:52:09]
[azure-06.outbound-case-06.sh-Test:2022.05.10-14:54:36]
[azure-10.outbound-case-10.sh-Test:2022.05.10-14:57:33]
[azure-11.outbound-case-11.sh-Test:2022.05.10-15:00:32]
[azure-20.outbound-case-20.sh-Test:2022.05.10-15:03:09]
[azure-21.outbound-case-21.sh-Test:2022.05.10-15:06:01]
|
Inbound
[alibaba-02.inbound-case-02.sh-Test:2022.05.10-06:08:49]
[alibaba-03.inbound-case-03.sh-Test:2022.05.10-06:09:08]
[alibaba-04.inbound-case-04.sh-Test:2022.05.10-06:09:35]
[alibaba-05.inbound-case-05.sh-Test:2022.05.10-06:09:58]
[alibaba-06.inbound-case-06.sh-Test:2022.05.10-06:10:25]
[alibaba-10.inbound-case-10.sh-Test:2022.05.10-06:10:51]
[alibaba-11.inbound-case-11.sh-Test:2022.05.10-06:11:10]
[alibaba-20.inbound-case-20.sh-Test:2022.05.10-06:11:40]
[alibaba-21.inbound-case-21.sh-Test:2022.05.10-06:12:09]
Outbound
[alibaba-02.outbound-case-02.sh-Test:2022.05.10-05:58:24]
[alibaba-03.outbound-case-03.sh-Test:2022.05.10-05:58:54]
[alibaba-04.outbound-case-04.sh-Test:2022.05.10-05:59:19]
[alibaba-05.outbound-case-05.sh-Test:2022.05.10-05:59:42]
[alibaba-06.outbound-case-06.sh-Test:2022.05.10-06:00:10]
[alibaba-10.outbound-case-10.sh-Test:2022.05.10-06:00:37]
[alibaba-11.outbound-case-11.sh-Test:2022.05.10-06:01:07]
[alibaba-20.outbound-case-20.sh-Test:2022.05.10-06:01:37]
[alibaba-21.outbound-case-21.sh-Test:2022.05.10-06:02:06]
|
Sharing the GCP logic improvements and test results.
.# clear nc processes on the client(this node)
[gcp-02.inbound-case-02.sh-Test:2022.05.10-10:26:05]
[gcp-03.inbound-case-03.sh-Test:2022.05.10-10:26:29]
[gcp-04.inbound-case-04.sh-Test:2022.05.10-10:27:04]
[gcp-05.inbound-case-05.sh-Test:2022.05.10-10:27:35]
[gcp-06.inbound-case-06.sh-Test:2022.05.10-10:28:10]
[gcp-10.inbound-case-10.sh-Test:2022.05.10-10:28:59]
[gcp-11.inbound-case-11.sh-Test:2022.05.10-10:29:41]
[gcp-20.inbound-case-20.sh-Test:2022.05.10-10:30:23]
[gcp-21.inbound-case-21.sh-Test:2022.05.10-10:31:04]
-- OUTBOUND
[gcp-02.outbound-case-02.sh-Test:2022.05.10-07:02:03]
[gcp-03.outbound-case-03.sh-Test:2022.05.10-07:03:51]
[gcp-04.outbound-case-04.sh-Test:2022.05.10-07:05:04]
[gcp-01.outbound-case-01.sh-Test:2022.05.10-07:31:36]
[gcp-04.outbound-case-04.sh-Test:2022.05.10-07:43:29]
[gcp-01.outbound-case-01.sh-Test:2022.05.10-08:48:02]
[gcp-01.outbound-case-01.sh-Test:2022.05.10-09:02:55]
[gcp-02.outbound-case-02.sh-Test:2022.05.10-09:03:28]
[gcp-03.outbound-case-03.sh-Test:2022.05.10-09:03:55]
[gcp-04.outbound-case-04.sh-Test:2022.05.10-09:04:24]
[gcp-05.outbound-case-05.sh-Test:2022.05.10-09:04:54]
[gcp-06.outbound-case-06.sh-Test:2022.05.10-09:05:29]
[gcp-10.outbound-case-10.sh-Test:2022.05.10-09:06:10]
[gcp-11.outbound-case-11.sh-Test:2022.05.10-09:06:55]
[gcp-20.outbound-case-20.sh-Test:2022.05.10-09:07:30]
[gcp-21.outbound-case-21.sh-Test:2022.05.10-09:08:06]
|
[GCP result analysis] 1. 00.prepare.sh issue
2. Test results
[gcp-02.outbound-case-02.sh-Test:2022.05.10-17:48:18]
3. Output result issue
|
@choryang @dogfootman @dev4unet [Tencent SG verification test]
[Tencent SG output result issue]
|
@choryang @dogfootman @dev4unet [Alibaba SG verification test]
[Alibaba SG output result issue]
|
[Ibm-VPC] Sharing the outbound test results. / With #632 merged. When running 00.prepare-00.sh, Image_Name in /test/sg-rules-validation-cli/common/ibm/setup.env must be modified for it to work (see /cloud-control-manager/cloud-driver/drivers/ibmcloud-vpc/main/conf/config.yaml.sample). [ibm-01.outbound-case-01.sh-Test:2022.05.11-13:48:29]
[ibm-02.outbound-case-02.sh-Test:2022.05.11-13:49:08]
[ibm-03.outbound-case-03.sh-Test:2022.05.11-13:49:49]
[ibm-04.outbound-case-04.sh-Test:2022.05.11-13:50:27]
[ibm-05.outbound-case-05.sh-Test:2022.05.11-13:51:03]
[ibm-06.outbound-case-06.sh-Test:2022.05.11-13:51:43]
[ibm-10.outbound-case-10.sh-Test:2022.05.11-13:52:23]
[ibm-11.outbound-case-11.sh-Test:2022.05.11-13:53:05]
[ibm-20.outbound-case-20.sh-Test:2022.05.11-13:53:55]
[ibm-21.outbound-case-21.sh-Test:2022.05.11-13:54:43]
|
[Azure SG verification test]
[Azure SG output result issue]
|
[IBM SG verification test]
[Reference] How to get an available Image ID within a Region using AdminWeb |
@dev4unet @dogfootman @choryang [AWS SG verification test]
[AWS SG output result issue]
|
@inno-cloudbarista @hyokyungk @dev4unet @dogfootman @choryang @innodreamer
|
@powerkimhub Regarding what you mentioned, "in 02.test~ the outbound:ALL/-1/-1 rule is deleted":
So if ALL Allow is deleted, ALL Deny is applied, and by item 2 of the security policy, inbound: block all traffic. These are the GCP test results. [gcp-21.outbound-case-21.sh-Test:2022.05.11-09:37:17]
[gcp-01.outbound-case-01.sh-Test:2022.05.11-10:45:10]
[gcp-02.outbound-case-02.sh-Test:2022.05.11-10:47:46]
[gcp-03.outbound-case-03.sh-Test:2022.05.11-10:49:26]
[gcp-04.outbound-case-04.sh-Test:2022.05.11-10:51:00]
[gcp-05.outbound-case-05.sh-Test:2022.05.11-10:52:09]
[gcp-06.outbound-case-06.sh-Test:2022.05.11-10:53:19]
[gcp-10.outbound-case-10.sh-Test:2022.05.11-10:54:43]
[gcp-11.outbound-case-11.sh-Test:2022.05.11-10:56:18]
[gcp-20.outbound-case-20.sh-Test:2022.05.11-11:00:24]
[gcp-21.outbound-case-21.sh-Test:2022.05.11-11:02:36]
|
|
[Openstack] Sharing the outbound test results. / With #635 merged [openstack-inno-01.outbound-case-01.sh-Test:2022.05.12-01:14:53]
[openstack-inno-02.outbound-case-02.sh-Test:2022.05.12-01:15:19]
[openstack-inno-03.outbound-case-03.sh-Test:2022.05.12-01:15:49]
[openstack-inno-04.outbound-case-04.sh-Test:2022.05.12-01:16:15]
[openstack-inno-05.outbound-case-05.sh-Test:2022.05.12-01:16:37]
[openstack-inno-06.outbound-case-06.sh-Test:2022.05.12-01:17:05]
[openstack-inno-10.outbound-case-10.sh-Test:2022.05.12-01:17:29]
[openstack-inno-11.outbound-case-11.sh-Test:2022.05.12-01:18:00]
[openstack-inno-20.outbound-case-20.sh-Test:2022.05.12-01:18:35]
[openstack-inno-21.outbound-case-21.sh-Test:2022.05.12-01:19:11]
|
[Cloudit] Sharing the outbound test results. / With #635 merged. Because Cloudit does not provide ICMP, an Error is returned when that protocol is present and AddRule and RemoveRule fail, so [cloudit-01.outbound-case-01.sh-Test:2022.05.11-17:42:17]
[cloudit-02.outbound-case-02.sh-Test:2022.05.11-17:42:37]
[cloudit-03.outbound-case-03.sh-Test:2022.05.11-17:42:58]
[cloudit-04.outbound-case-04.sh-Test:2022.05.11-17:43:17]
[cloudit-05.outbound-case-05.sh-Test:2022.05.11-17:43:33]
[cloudit-06.outbound-case-06.sh-Test:2022.05.11-17:43:52]
[cloudit-10.outbound-case-10.sh-Test:2022.05.11-17:44:12]
[cloudit-11.outbound-case-11.sh-Test:2022.05.11-17:44:33]
[cloudit-20.outbound-case-20.sh-Test:2022.05.11-17:44:54]
[cloudit-21.outbound-case-21.sh-Test:2022.05.11-17:45:14]
|
Improve the port format of GCP securityInfo #640 [GCP] The port format improvement is complete. ============== before AddRules: 'SG-Rules-Test-SG04' --- outbound:TCP/1000/1000/4.5.6.7/32 |
|
@inno-cloudbarista @hyokyungk @dev4unet @dogfootman @choryang @innodreamer
[azure-01.outbound-case-01.sh-Test:2022.05.16-07:45:17]
[azure-02.outbound-case-02.sh-Test:2022.05.16-07:47:16]
[azure-03.outbound-case-03.sh-Test:2022.05.16-07:49:15]
[azure-04.outbound-case-04.sh-Test:2022.05.16-07:51:11]
[azure-05.outbound-case-05.sh-Test:2022.05.16-07:53:04]
[azure-06.outbound-case-06.sh-Test:2022.05.16-07:55:03]
[azure-10.outbound-case-10.sh-Test:2022.05.16-07:57:33]
[azure-11.outbound-case-11.sh-Test:2022.05.16-08:00:07]
[azure-20.outbound-case-20.sh-Test:2022.05.16-08:02:20]
[azure-21.outbound-case-21.sh-Test:2022.05.16-08:04:22]
|
@powerkimhub
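I had understood that the Azure console returns success only after determining both that the rule change has been updated and that it has been applied, but there were cases where the rule was not applied immediately even after the console reported completion.
The tentative conclusion for now is that the Azure console, too, does not return completion after the rule is fully applied, but returns when the update of the rule change is complete. The results above may in some cases not be an issue of application time, but since the tests succeed when run with a long SLEEP or when the same test situation is run manually under the same conditions, I suspect it is an issue of rule application time. |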
|
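An added example, not part of the thread or of the CB-Spider test scripts: when a provider acknowledges a rule change before it is enforced, as described for Azure above, a validation step can poll the data path against a deadline instead of sleeping a fixed time. The names `probe_tcp`, `wait_for_state` and `WAITED_S` are hypothetical, and `nc` is assumed to be installed on the client.

```shell
#!/usr/bin/env bash
# Hypothetical helpers for a security-group validation script.

# probe_tcp HOST PORT: exit 0 if a TCP connect succeeds within 3 seconds.
probe_tcp() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# wait_for_state EXPECTED TIMEOUT_S INTERVAL_S STABLE_N PROBE [ARGS...]
#   EXPECTED is "open" or "closed". PROBE is any command that exits 0 when
#   the port is reachable. Returns 0 once PROBE has reported EXPECTED for
#   STABLE_N consecutive attempts, so a single flapping result during
#   propagation is not taken as the final state. Returns 1 if TIMEOUT_S
#   elapses first. WAITED_S is set to the elapsed seconds either way.
wait_for_state() {
    local expected="$1" timeout="$2" interval="$3" need="$4"
    shift 4
    local start streak=0 state
    start=$(date +%s)
    WAITED_S=0
    while :; do
        if "$@"; then state=open; else state=closed; fi
        if [ "$state" = "$expected" ]; then
            streak=$((streak + 1))
        else
            streak=0
        fi
        WAITED_S=$(( $(date +%s) - start ))
        [ "$streak" -ge "$need" ] && return 0
        [ "$WAITED_S" -ge "$timeout" ] && return 1
        sleep "$interval"
    done
}

# Constructed usage, after removing an inbound TCP/1000 allow rule
# (VM_IP is a placeholder for the test VM's address):
#   wait_for_state closed 300 5 3 probe_tcp "$VM_IP" 1000 \
#       && echo "PASS: enforced after ${WAITED_S}s" \
#       || echo "FAIL: still open after ${WAITED_S}s"
```

Recording `WAITED_S` per provider also gives a measured propagation delay, which separates slow enforcement from a rule that was never applied.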
What would you like to be added
Why is this needed