
Commit 7eeae92

committed
fix: condense http and https into one rule
1 parent e704930 commit 7eeae92


4 files changed

+12
-120
lines changed


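--- a/aws_ec2_instance/host_network_access_sap/network_security_groups_sap_hana.tf
+++ b/aws_ec2_instance/host_network_access_sap/network_security_groups_sap_hana.tf
@@ -105,12 +105,13 @@ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_index_mdc_1"
 
 
 # SAP HANA for SOAP over HTTP for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
+# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
 resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_startsrv_http_soap" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 security_group_id = var.module_var_host_security_group_id
 type = "ingress"
 from_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
-to_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
+to_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]
 }
@@ -119,27 +120,6 @@ resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_startsrv_http
 security_group_id = var.module_var_host_security_group_id
 type = "egress"
 from_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
-to_port = tonumber("5${var.module_var_sap_hana_instance_no}13")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}
-
-
-# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_ingress_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "ingress"
-from_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
-to_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
-protocol = "tcp"
-cidr_blocks = ["${local.target_subnet_ip_range}"]
-}
-resource "aws_security_group_rule" "vpc_sg_rule_tcp_egress_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-security_group_id = var.module_var_host_security_group_id
-type = "egress"
-from_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
 to_port = tonumber("5${var.module_var_sap_hana_instance_no}14")
 protocol = "tcp"
 cidr_blocks = ["${local.target_subnet_ip_range}"]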
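Review bot: The ingress rule `vpc_sg_rule_tcp_ingress_saphana_startsrv_http_soap` keeps its `_http_soap` name, yet the widened `to_port` now admits both 5<NN>13 (SOAP over HTTP) and 5<NN>14 (SOAP over HTTPS). The plaintext SAPControl port can therefore no longer be closed without also closing the TLS one, and a reader auditing the rule by name will assume it covers HTTP only. I would replace the two stacked comments with one that states the coupling, for example `# SAPStartSrv SOAP: 5<NN>13 = HTTP, 5<NN>14 = HTTPS; one rule covers both, split it again to block plaintext HTTP`. The same naming mismatch applies to the egress rule in the second hunk (its header is outside the hunk), to the GCP firewall `name` ending in `-startsrv-http`, and to the IBM Cloud and Azure rules in the other three files.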

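--- a/gcp_ce_vm/host_network_access_sap/network_security_fw_rules_sap_hana.tf
+++ b/gcp_ce_vm/host_network_access_sap/network_security_fw_rules_sap_hana.tf
@@ -167,14 +167,15 @@ resource "google_compute_firewall" "vpc_fw_rule_tcp_egress_saphana_index_mdc_1"
 
 
 # SAP HANA for SOAP over HTTP for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
+# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
 resource "google_compute_firewall" "vpc_fw_rule_tcp_ingress_saphana_startsrv_http_soap" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 name = "${var.module_var_resource_prefix}-vpc-fw-ingress-saphana-startsrv-http"
 network = local.target_vpc_name
 
 allow {
 protocol = "tcp"
-ports = [tonumber("5${var.module_var_sap_hana_instance_no}13")]
+ports = ["5${var.module_var_sap_hana_instance_no}13-5${var.module_var_sap_hana_instance_no}14"]
 }
 
 direction = "INGRESS"
@@ -188,38 +189,7 @@ resource "google_compute_firewall" "vpc_fw_rule_tcp_egress_saphana_startsrv_http
 
 allow {
 protocol = "tcp"
-ports = [tonumber("5${var.module_var_sap_hana_instance_no}13")]
-}
-
-direction = "EGRESS"
-destination_ranges = ["${local.target_vpc_subnet_range}"]
-# source_ranges =
-}
-
-
-# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
-resource "google_compute_firewall" "vpc_fw_rule_tcp_ingress_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-name = "${var.module_var_resource_prefix}-vpc-fw-ingress-saphana-startsrv-https"
-network = local.target_vpc_name
-
-allow {
-protocol = "tcp"
-ports = [tonumber("5${var.module_var_sap_hana_instance_no}14")]
-}
-
-direction = "INGRESS"
-# destination_ranges =
-source_ranges = ["${local.target_vpc_subnet_range}"]
-}
-resource "google_compute_firewall" "vpc_fw_rule_tcp_egress_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-name = "${var.module_var_resource_prefix}-vpc-fw-egress-saphana-startsrv-https"
-network = local.target_vpc_name
-
-allow {
-protocol = "tcp"
-ports = [tonumber("5${var.module_var_sap_hana_instance_no}14")]
 ports = ["5${var.module_var_sap_hana_instance_no}13-5${var.module_var_sap_hana_instance_no}14"]
 }
 
 direction = "EGRESS"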
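Review bot: The two new `ports` entries are built by plain string interpolation and no longer pass through `tonumber()`, so a non-numeric `module_var_sap_hana_instance_no` is not rejected when the expression is evaluated and reaches the provider as written. Whether the variable has its own validation is not visible in this diff; if it does not, a `validation` block on it with `condition = can(regex("^[0-9]{2}$", var.module_var_sap_hana_instance_no))` would restore the check and also pin the two-digit form the port pattern relies on. The same applies to the two `destination_port_ranges` lines in the msazure_vm file. Both firewall resources extend beyond the hunks shown.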

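--- a/ibmcloud_vs/host_network_access_sap/network_security_groups_sap_hana.tf
+++ b/ibmcloud_vs/host_network_access_sap/network_security_groups_sap_hana.tf
@@ -123,6 +123,7 @@ resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_outbound_saphana_index_md
 
 
 # SAP HANA for SOAP over HTTP for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
+# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
 resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_inbound_saphana_startsrv_http_soap" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 depends_on = [ibm_is_security_group_rule.vpc_sg_rule_tcp_inbound_saphana_index_mdc_1]
@@ -131,42 +132,17 @@ resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_inbound_saphana_startsrv_
 remote = local.target_vpc_subnet_range
 tcp {
 port_min = tonumber("5${var.module_var_sap_hana_instance_no}13")
-port_max = tonumber("5${var.module_var_sap_hana_instance_no}13")
-}
-}
-resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_outbound_saphana_startsrv_http_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-depends_on = [ibm_is_security_group_rule.vpc_sg_rule_tcp_inbound_saphana_index_mdc_1]
-group = var.module_var_host_security_group_id
-direction = "outbound"
-remote = local.target_vpc_subnet_range
-tcp {
-port_min = tonumber("5${var.module_var_sap_hana_instance_no}13")
-port_max = tonumber("5${var.module_var_sap_hana_instance_no}13")
-}
-}
-
-
-# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
-resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_inbound_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-depends_on = [ibm_is_security_group_rule.vpc_sg_rule_tcp_inbound_saphana_startsrv_http_soap]
-group = var.module_var_host_security_group_id
-direction = "inbound"
-remote = local.target_vpc_subnet_range
-tcp {
-port_min = tonumber("5${var.module_var_sap_hana_instance_no}14")
 port_max = tonumber("5${var.module_var_sap_hana_instance_no}14")
 }
 }
-resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_outbound_saphana_startsrv_https_soap" {
+resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_outbound_saphana_startsrv_http_soap" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 depends_on = [ibm_is_security_group_rule.vpc_sg_rule_tcp_inbound_saphana_startsrv_http_soap]
 group = var.module_var_host_security_group_id
 direction = "outbound"
 remote = local.target_vpc_subnet_range
 tcp {
-port_min = tonumber("5${var.module_var_sap_hana_instance_no}14")
+port_min = tonumber("5${var.module_var_sap_hana_instance_no}13")
 port_max = tonumber("5${var.module_var_sap_hana_instance_no}14")
 }
 }
@@ -178,7 +154,7 @@ resource "ibm_is_security_group_rule" "vpc_sg_rule_tcp_outbound_saphana_startsrv
 ## More details in README
 resource "ibm_is_security_group_rule" "vpc_sg_rule_sap_inbound_saphana_hsr1" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
-depends_on = [ibm_is_security_group_rule.vpc_sg_rule_tcp_inbound_saphana_startsrv_https_soap]
+depends_on = [ibm_is_security_group_rule.vpc_sg_rule_tcp_outbound_saphana_startsrv_http_soap]
 group = var.module_var_host_security_group_id
 direction = "inbound"
 remote = local.target_vpc_subnet_range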

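--- a/msazure_vm/host_network_access_sap/network_security_groups_sap_hana.tf
+++ b/msazure_vm/host_network_access_sap/network_security_groups_sap_hana.tf
@@ -175,6 +175,7 @@ resource "azurerm_network_security_rule" "vnet_sg_rule_tcp_outbound_saphana_inde
 
 
 # SAP HANA for SOAP over HTTP for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
+# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
 resource "azurerm_network_security_rule" "vnet_sg_rule_tcp_inbound_saphana_startsrv_http_soap" {
 count = local.network_rules_sap_hana_boolean ? 1 : 0
 name = "tcp_inbound_saphana_startsrv_http_soap"
@@ -185,7 +186,7 @@ resource "azurerm_network_security_rule" "vnet_sg_rule_tcp_inbound_saphana_start
 
 source_port_range = "*"
 source_address_prefix = local.target_vnet_subnet_range
-destination_port_range = tonumber("5${var.module_var_sap_hana_instance_no}13")
+destination_port_ranges = ["5${var.module_var_sap_hana_instance_no}13-5${var.module_var_sap_hana_instance_no}14"]
 destination_address_prefix = local.target_vnet_subnet_range
 
 resource_group_name = var.module_var_az_resource_group_name
@@ -201,42 +202,7 @@ resource "azurerm_network_security_rule" "vnet_sg_rule_tcp_outbound_saphana_star
 
 source_port_range = "*"
 source_address_prefix = local.target_vnet_subnet_range
-destination_port_range = tonumber("5${var.module_var_sap_hana_instance_no}13")
-destination_address_prefix = local.target_vnet_subnet_range
-
-resource_group_name = var.module_var_az_resource_group_name
-network_security_group_name = var.module_var_host_security_group_name
-}
-
-
-# SAP HANA for SOAP over HTTPS (Secure) for SAP Instance Agent (SAPStartSrv, i.e. host:port/SAPControl?wsdl), access from within the same Subnet
-resource "azurerm_network_security_rule" "vnet_sg_rule_tcp_inbound_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-name = "tcp_inbound_saphana_startsrv_https_soap"
-priority = 262
-direction = "Inbound"
-access = "Allow"
-protocol = "Tcp"
-
-source_port_range = "*"
-source_address_prefix = local.target_vnet_subnet_range
-destination_port_range = tonumber("5${var.module_var_sap_hana_instance_no}14")
-destination_address_prefix = local.target_vnet_subnet_range
-
-resource_group_name = var.module_var_az_resource_group_name
-network_security_group_name = var.module_var_host_security_group_name
-}
-resource "azurerm_network_security_rule" "vnet_sg_rule_tcp_outbound_saphana_startsrv_https_soap" {
-count = local.network_rules_sap_hana_boolean ? 1 : 0
-name = "tcp_outbound_saphana_startsrv_https_soap"
-priority = 263
-direction = "Outbound"
-access = "Allow"
-protocol = "Tcp"
-
-source_port_range = "*"
-source_address_prefix = local.target_vnet_subnet_range
-destination_port_range = tonumber("5${var.module_var_sap_hana_instance_no}14")
+destination_port_ranges = ["5${var.module_var_sap_hana_instance_no}13-5${var.module_var_sap_hana_instance_no}14"]
 destination_address_prefix = local.target_vnet_subnet_range
 
 resource_group_name = var.module_var_az_resource_group_name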
