Azure Templates | Modify MDS and Management template to support IAM #463

Open
wants to merge 4 commits into
base: master
736 changes: 381 additions & 355 deletions azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json

Large diffs are not rendered by default.

279 changes: 149 additions & 130 deletions azure/templates/marketplace-ha/createUiDefinition.json

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions azure/templates/marketplace-ha/mainTemplate.json
Expand Up @@ -135,6 +135,7 @@
},
"sicKey": {
"type": "securestring",
"defaultValue": "",
"metadata": {
"description": "One time key for Secure Internal Communication"
}
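Review bot: The `"defaultValue": ""` on `sicKey` (apparently the one added line in this section) makes the Secure Internal Communication key optional, so a deployment that omits the parameter is accepted with an empty key instead of being rejected at validation time. Nothing visible in this hunk shows where an empty value is caught later, so the consuming script should fail explicitly on an empty key wherever SIC is actually initialised. If the empty default is intended only for paths that never use the key, say so in the metadata, for example `"description": "One time key for Secure Internal Communication; may be left empty only when SIC is not used by this deployment"`. The `sicKey` object closes outside the hunk.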
259 changes: 151 additions & 108 deletions azure/templates/marketplace-management/createUiDefinition.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion azure/templates/marketplace-management/mainTemplate.json
Expand Up @@ -212,7 +212,7 @@
},
"msi": {
"type": "bool",
"defaultValue": false,
"defaultValue": true,
"metadata": {
"description": "Configure managed service identity for the VM"
}
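Review bot: With the `msi` default shown changing from `false` to `true`, every deployment that does not pass the parameter now gets a managed identity on the VM, including scripted deployments that previously relied on the old default. Tokens for a managed identity can be requested by any process on the VM, so the exposure depends on the role assignment attached to it, which this hunk does not show. I would either keep `"defaultValue": false` and let createUiDefinition.json opt in, or extend the description to state what is granted, e.g. `"description": "Configure managed service identity for the VM (enabled by default; grants <ROLE> on <SCOPE>)"`. The same default flip is made in azure/templates/marketplace-mds/mainTemplate.json. The `msi` object closes outside the hunk.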
216 changes: 130 additions & 86 deletions azure/templates/marketplace-mds/createUiDefinition.json
Expand Up @@ -53,19 +53,28 @@
"steps": [
{
"name": "chkp",
"label": "Check Point Multi-Domain Server settings",
"label": "CloudGuard Multi-Domain Server settings",
"subLabel": {
"preValidation": "Configure additional settings",
"postValidation": "Done"
},
"bladeTitle": "Multi-Domain Server settings",
"elements": [
{
"name": "InfoAzureAdminGuide",
"type": "Microsoft.Common.InfoBox",
"visible": "true",
"options": {
"icon": "Info",
"text": "See <a href='https://support.checkpoint.com/results/sk/sk154436' target='_blank'>CloudGuard Network for Azure administration guide</a> for detailed deployment and configuration steps"
}
},
{
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
"label": "Version",
"defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"toolTip": "Check Point Recommended version for all deployments is R81.20",
"constraints": {
"allowedValues": [
{
Expand Down Expand Up @@ -99,6 +108,15 @@
]
}
},
{
"name": "InfoVMSize",
"type": "Microsoft.Common.InfoBox",
"visible": "true",
"options": {
"icon": "Info",
"text": "Check Point recommends a minimum of 4 vCores for optimal operation"
}
},
{
"name": "R8110vmSizeUiBYOL",
"type": "Microsoft.Compute.SizeSelector",
Expand Down Expand Up @@ -186,6 +204,38 @@
},
"count": 1
},
{
"name": "managementGUIClientNetwork",
"type": "Microsoft.Common.TextBox",
"label": "Allow SmartConsole connections from these networks",
"toolTip": "Allow SmartConsole connections from the following CIDR networks, for example: 192.168.1.0/26",
"constraints": {
"required": true,
"regex": "(^0\\.0\\.0\\.0\\/0$)|(^(?!0\\.0\\.0\\.0$)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)",
"validationMessage": "Enter a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)"
},
"visible": true
}
]
},
{
"name": "chkp-advanced",
"label": "CloudGuard Advanced settings",
"subLabel": {
"preValidation": "Configure additional settings",
"postValidation": "Done"
},
"bladeTitle": "Multi-Domain Server settings",
"elements": [
{
"name": "InfoAdvanced",
"type": "Microsoft.Common.InfoBox",
"visible": "true",
"options": {
"icon": "Info",
"text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next"
}
},
{
"name": "installationType",
"type": "Microsoft.Common.DropDown",
Expand All @@ -209,6 +259,33 @@
]
}
},
{
"name": "adminShell",
"type": "Microsoft.Common.DropDown",
"label": "Default shell for the admin user",
"defaultValue": "/etc/cli.sh",
"toolTip": "The default shell for the admin user",
"constraints": {
"allowedValues": [
{
"label": "/etc/cli.sh",
"value": "/etc/cli.sh"
},
{
"label": "/bin/bash",
"value": "/bin/bash"
},
{
"label": "/bin/csh",
"value": "/bin/csh"
},
{
"label": "/bin/tcsh",
"value": "/bin/tcsh"
}
]
}
},
{
"name": "SerialPasswordInfoBox",
"type": "Microsoft.Common.InfoBox",
Expand All @@ -223,7 +300,7 @@
"name": "EnableSerialConsolePassword",
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable Serial console password",
"defaultValue": "Yes",
"defaultValue": "No",
"toolTip": "A unique password hash to enable VM connection via serial console.",
"constraints": {
"allowedValues": [
Expand All @@ -242,7 +319,7 @@
"name": "AdditionalPassword",
"type": "Microsoft.Common.PasswordBox",
"toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
"visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
"visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]",
"label": {
"password": "Password hash",
"confirmPassword": "Confirm password"
Expand All @@ -267,26 +344,6 @@
},
{
"visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
"name": "EnableMaintenanceMode",
"type": "Microsoft.Common.OptionsGroup",
"label": "Enable Maintenance Mode",
"defaultValue": "Yes",
"toolTip": "A unique password hash to enable VM maintenance mode.",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": true
},
{
"label": "No",
"value": false
}
]
}
},
{
"visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
"name": "MaintenanceModePassword",
"type": "Microsoft.Common.PasswordBox",
"defaultValue": "",
Expand All @@ -296,52 +353,12 @@
"confirmPassword": "Confirm Password"
},
"constraints": {
"required": true,
"validationMessage": "The value must be the output of the hash command."
},
"options": {
"hideConfirmation": false
}
},
{
"name": "adminShell",
"type": "Microsoft.Common.DropDown",
"label": "Default shell for the admin user",
"defaultValue": "/etc/cli.sh",
"toolTip": "The default shell for the admin user",
"constraints": {
"allowedValues": [
{
"label": "/etc/cli.sh",
"value": "/etc/cli.sh"
},
{
"label": "/bin/bash",
"value": "/bin/bash"
},
{
"label": "/bin/csh",
"value": "/bin/csh"
},
{
"label": "/bin/tcsh",
"value": "/bin/tcsh"
}
]
}
},
{
"name": "managementGUIClientNetwork",
"type": "Microsoft.Common.TextBox",
"label": "Allowed GUI clients",
"toolTip": "GUI clients network CIDR",
"constraints": {
"required": true,
"regex": "(^0\\.0\\.0\\.0\\/0$)|(^(?!0\\.0\\.0\\.0$)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)",
"validationMessage": "Enter a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)"
},
"visible": true
},
{
"name": "sicKeyUi",
"type": "Microsoft.Common.PasswordBox",
Expand All @@ -358,7 +375,7 @@
"options": {
"hideConfirmation": false
},
"visible": "[not(equals(steps('chkp').installationType, 'mds-primary'))]"
"visible": "[not(equals(steps('chkp-advanced').installationType, 'mds-primary'))]"
},
{
"name": "bootstrapScript",
Expand Down Expand Up @@ -396,15 +413,32 @@
}
},
{
"name": "basics settings text block",
"type": "Microsoft.Common.TextBlock",
"visible": true,
"visible": "[not(equals(steps('chkp-advanced').installationType, 'mds-logserver'))]",
"name": "identityAccessManagement" ,
"type": "Microsoft.Common.OptionsGroup",
"label": "Create a System Assigned Identity",
"toolTip": "Automatically create a Service Principal for this deployment.",
"defaultValue": "Yes",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": true
},
{
"label": "No",
"value": false
}
]
}
},
{
"name": "InfoVMDiskSpace",
"type": "Microsoft.Common.InfoBox",
"visible": "true",
"options": {
"text": "Please follow the Check Point referenced guide for adding disk space.",
"link": {
"label": "Additional disk space in CloudGuard",
"uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
}
"icon": "Info",
"text": "See <a href='https://support.checkpoint.com/results/sk/sk156552' target='_blank'>Adding disk space in CloudGuard</a> for instructions on adding additional disk space "
}
},
{
Expand Down Expand Up @@ -485,11 +519,11 @@
"label": "Development Image URI",
"toolTip": "The URI of the blob containing the development image",
"constraints": {
"required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
"required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]",
"regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
"validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
},
"visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
"visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]"
}
]
},
Expand Down Expand Up @@ -617,6 +651,15 @@
"name": "tags",
"label": "Tags",
"elements": [
{
"name": "InfoTags",
"type": "Microsoft.Common.InfoBox",
"visible": "true",
"options": {
"icon": "Info",
"text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below"
}
},
{
"name": "tagsByResource",
"type": "Microsoft.Common.TagsByResource",
Expand Down Expand Up @@ -650,21 +693,22 @@
"vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]",
"virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]",
"managementGUIClientNetwork": "[if(contains(steps('chkp').managementGUIClientNetwork, '/'), steps('chkp').managementGUIClientNetwork, concat(steps('chkp').managementGUIClientNetwork, '/32'))]",
"sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]",
"installationType": "[steps('chkp').installationType]",
"bootstrapScript": "[steps('chkp').bootstrapScript]",
"allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
"additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
"diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
"sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
"adminShell": "[steps('chkp').adminShell]",
"sicKey": "[coalesce(steps('chkp-advanced').sicKeyUi, 'notused')]",
"installationType": "[steps('chkp-advanced').installationType]",
"bootstrapScript": "[steps('chkp-advanced').bootstrapScript]",
"allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]",
"msi" : "[steps('chkp-advanced').identityAccessManagement]",
"additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]",
"diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]",
"sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]",
"adminShell": "[steps('chkp-advanced').adminShell]",
"tagsByResource": "[steps('tags').tagsByResource]",
"deployNewNSG": "[steps('network').NSG]",
"ExistingNSG": "[steps('network').nsgSelector]",
"NewNsgName": "[steps('network').NSGName]",
"addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
"SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
"MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
"SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]",
"MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]"
}
}
}
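Review bot: The new tooltip on `managementGUIClientNetwork` gives `192.168.1.0/26` as an example, but the `regex` on the same element accepts only `0.0.0.0/0`, a bare address or a `/32`, so the example itself fails validation. A user who wants to allow a subnet is left choosing between a single host and every source address, and the quickest way past the error is `0.0.0.0/0`, which opens SmartConsole access to any network. Either align the tooltip with the validator, `"toolTip": "Allow SmartConsole connections from a single IPv4 address (X.X.X.X or X.X.X.X/32) or from any address (0.0.0.0/0)"`, or widen the regex to accept other prefix lengths and update `validationMessage` to match.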
2 changes: 1 addition & 1 deletion azure/templates/marketplace-mds/mainTemplate.json
Expand Up @@ -204,7 +204,7 @@
},
"msi": {
"type": "bool",
"defaultValue": false,
"defaultValue": true,
"metadata": {
"description": "Configure managed service identity for the VM"
}