
IPv4/v6 whitelisting#372

Open
PierreBeucher wants to merge 7 commits into
masterfrom
ip-restriction

Conversation

@PierreBeucher
Owner

No description provided.

alexjurkiewicz and others added 7 commits April 19, 2026 15:27
Previously all inbound ports were open to 0.0.0.0/0 and ::/0. This adds
a --no-restrict-to-my-ip flag (and matching interactive prompt) to
control a new restrictToMyIp option, which is enabled by default.

When enabled, the provisioner detects the user's current IPv4 and IPv6
addresses before each Pulumi run by making a request to
checkip.global.api.aws with a 5-second timeout per address family. The
resulting /32 and /128 CIDRs are passed to the Pulumi stack and used as
the security group ingress CIDR instead of the open defaults.

IPv6 is optional: if the user has no external IPv6 address the timeout
fires and IPv6 ingress rules are skipped. IPv4 is required: failure to
detect it raises an error with a hint to use --no-restrict-to-my-ip.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add description field to SimplePortDefinition interface and populate
descriptions for all Sunshine and Wolf ports. Wire description into
AWS security group ingress rule mapping.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…ve IPs in CLI layer

- Replace restrictToMyIp boolean flag with allowedCidrs in state schema.
  Defaults to open access (0.0.0.0/0); stores restricted /32+/128 when
  IP restriction is enabled. Refreshed on every provision by the provisioner.
- Move IP detection to CLI layer (resolveAllowedCidrs): fetches current IP
  at create time based on --no-restrict-to-my-ip flag (default: restrict).
- Provisioner re-fetches IPs on each provision so the security group stays
  current across create and start flows. Open CIDRs are passed through as-is.

small mistake in how Scaleway was merging data in promptSpecificInput: instead of merging given common inputs, only SSH was specifically passed into final result.

Didn't cause much issue since most config apart from SSH is not exposed via CLI, but did cause an issue when adding IP CIDR whitelist since it was ignored.
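The CIDR resolution the first and third commit messages describe (detect the caller's IPv4 and IPv6 with a per-family timeout, emit /32 and /128 ingress CIDRs, treat IPv6 as optional and IPv4 as required, pass the open CIDRs through when restriction is off) can be sketched as follows. This is an added illustration written for this page, not the PR's own code: the `resolveAllowedCidrs` name comes from the commit message, but its signature, the `IpLookup` and `AllowedCidrs` types, the `withTimeout` helper and the `sampleLookup`/`noIpv6Lookup` stand-ins are all assumptions, and the addresses in them are constructed documentation values. The lookup is injected so the logic runs offline; a real lookup would request checkip.global.api.aws over the given address family.

```typescript
// Added example, not the PR's code. Types and helper names are assumptions.

export interface AllowedCidrs {
  ipv4: string[]; // e.g. ["203.0.113.7/32"] when restricted, ["0.0.0.0/0"] when open
  ipv6: string[]; // e.g. ["2001:db8::1/128"], ["::/0"] when open, [] when undetectable
}

// Pluggable public-IP lookup (one request per address family) so the
// resolution logic can be exercised offline; `signal` is aborted on timeout.
export type IpLookup = (family: "ipv4" | "ipv6", signal: AbortSignal) => Promise<string>;

const IPV4_RE = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
const IPV6_RE = /^[0-9a-f:]+$/i; // loose: the lookup returns a compressed address

// Run `run` with a deadline; resolves to undefined on timeout or lookup failure
// so that a missing IPv6 route degrades gracefully instead of failing the run.
async function withTimeout<T>(ms: number, run: (signal: AbortSignal) => Promise<T>): Promise<T | undefined> {
  const ctrl = new AbortController();
  let timer: ReturnType<typeof setTimeout> | undefined;
  const deadline = new Promise<undefined>((resolve) => {
    timer = setTimeout(() => { ctrl.abort(); resolve(undefined); }, ms);
  });
  try {
    return await Promise.race([run(ctrl.signal).catch(() => undefined), deadline]);
  } finally {
    clearTimeout(timer);
  }
}

export async function resolveAllowedCidrs(
  restrictToMyIp: boolean,
  lookup: IpLookup,
  timeoutMs = 5000, // the commit message's 5-second budget per address family
): Promise<AllowedCidrs> {
  // Restriction disabled (--no-restrict-to-my-ip): keep the open defaults.
  if (!restrictToMyIp) return { ipv4: ["0.0.0.0/0"], ipv6: ["::/0"] };

  // IPv4 is required: no address means the user would lock themselves out.
  const v4 = (await withTimeout(timeoutMs, (s) => lookup("ipv4", s)))?.trim();
  if (!v4 || !IPV4_RE.test(v4)) {
    throw new Error("Could not detect your public IPv4 address; use --no-restrict-to-my-ip to allow access from any address.");
  }

  // IPv6 is optional: on timeout or a non-address reply no IPv6 rule is emitted.
  const v6 = (await withTimeout(timeoutMs, (s) => lookup("ipv6", s)))?.trim();
  const ipv6 = v6 && v6.includes(":") && IPV6_RE.test(v6) ? [`${v6}/128`] : [];

  return { ipv4: [`${v4}/32`], ipv6 };
}

// Constructed stand-in for the checkip service: answers on both families.
export const sampleLookup: IpLookup = async (family) =>
  family === "ipv4" ? "203.0.113.7\n" : "2001:db8::1\n";

// Constructed stand-in for a host with no external IPv6: the v6 request never
// answers and only settles when the timeout aborts it.
export const noIpv6Lookup: IpLookup = (family, signal) =>
  family === "ipv4"
    ? Promise.resolve("203.0.113.7")
    : new Promise<string>((_, reject) => signal.addEventListener("abort", () => reject(new Error("aborted"))));

void resolveAllowedCidrs(true, sampleLookup).then((c) => console.log(JSON.stringify(c)));
```

The detected address is whatever the lookup service sees as the egress source, so a user behind a shared NAT gets a /32 that also admits everyone else behind that NAT; the per-provision refresh described in the third commit keeps the rule current when that address changes, but does not narrow it further.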