Merge pull request #11 from qbeyond/feature/add-domains
added four domains to certificate verification rule
CaMMeu authored Oct 24, 2024
2 parents 86765df + c3b9bac commit 3a2a225
Showing 3 changed files with 11 additions and 2 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,11 @@ and this module adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.

## [Unreleased]

## [2.1.2] - 2024-10-24

### Fixed
- allow `cdp.geotrust.com`, `cacerts.geotrust.com`, `cacerts.digicert.com` and `status.geotrust.com` for windows activation based on [learn.microsoft.com](https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#public-key-encryption-and-signature-algorithms)

## [2.1.1] - 2024-05-30

### Fixed
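Review bot: the 2.1.2 entry gives "windows activation" as the reason for the four hosts, while the commit title describes them as additions to the certificate verification rule; state the purpose consistently and name the rule the hosts were added to, so a changelog reader can find the change in `main.tf`. The link fragment `#public-key-encryption-and-signature-algorithms` names a section about algorithms, so check that it lands on the part of the page that actually lists these hosts and adjust the anchor if it does not.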
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -58,7 +58,7 @@ module "firewall_rules" {
| <a name="input_ipg_platform_id"></a> [ipg\_platform\_id](#input\_ipg\_platform\_id) | IP ranges for the whole platform service, defined by the azure landing zone core modules. | `string` | n/a | yes |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the firewall policy and the azure firewall are located. | `string` | n/a | yes |
| <a name="input_stage"></a> [stage](#input\_stage) | The stage that the resource is located in, e.g. prod, dev. | `string` | n/a | yes |
| <a name="input_bastion_config"></a> [bastion\_config](#input\_bastion\_config) | <pre>ipg_bastion_id: If the customer uses bastion, provide the bastion ip-group in this variable.<br> ipg_rdp_access_ids: If RDP access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via RDP.<br> ipg_ssh_access_ids: If SSH access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via SSH.</pre> | <pre>object({<br> ipg_bastion_id = string<br> ipg_rdp_access_ids = optional(list(string), [])<br> ipg_ssh_access_ids = optional(list(string), [])<br> })</pre> | `null` | no |
| <a name="input_bastion_config"></a> [bastion\_config](#input\_bastion\_config) | <pre>ipg_bastion_id: If the customer uses bastion, provide the bastion ip-group in this variable.<br/> ipg_rdp_access_ids: If RDP access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via RDP.<br/> ipg_ssh_access_ids: If SSH access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via SSH.</pre> | <pre>object({<br/> ipg_bastion_id = string<br/> ipg_rdp_access_ids = optional(list(string), [])<br/> ipg_ssh_access_ids = optional(list(string), [])<br/> })</pre> | `null` | no |
| <a name="input_firewall_policy_id"></a> [firewall\_policy\_id](#input\_firewall\_policy\_id) | For testing use this | `string` | `null` | no |
| <a name="input_ipg_azure_dc_id"></a> [ipg\_azure\_dc\_id](#input\_ipg\_azure\_dc\_id) | The ip addresses of the domain controller located in azure. If the value is not provided, this network rule collection will not be created. | `string` | `null` | no |
| <a name="input_ipg_dnsprivateresolver_id"></a> [ipg\_dnsprivateresolver\_id](#input\_ipg\_dnsprivateresolver\_id) | The ip address of the private dns resolver inbound endpoint. If the value is not provided, this network rule collection will not be created | `string` | `null` | no |
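Review bot: the only change on the `bastion_config` row is `<br>` becoming `<br/>`, which is unrelated to adding domains and looks like regenerated documentation output. Move it to its own commit, or pin the version of whatever generates this table, so formatting churn does not get mixed into a firewall rule change.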
6 changes: 5 additions & 1 deletion main.tf
Expand Up @@ -153,7 +153,11 @@ resource "azurerm_firewall_policy_rule_collection_group" "this" {
"*.root-c3-ca2-2009.ocsp.d-trust.net",
"*.crl.microsoft.com",
"*.oneocsp.microsoft.com",
"*.ocsp.msocsp.com"
"*.ocsp.msocsp.com",
"cdp.geotrust.com",
"cacerts.geotrust.com",
"cacerts.digicert.com",
"status.geotrust.com"
]
protocols {
type = "Http"
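Review bot: the four hosts appended after `"*.ocsp.msocsp.com",` carry no inline comment saying why they are allowed or where the list comes from; add a comment above them pointing to the Microsoft page cited in the CHANGELOG so the allowlist can be audited later. Using exact hostnames instead of wildcards like the existing entries keeps the rule narrow, so keep them as they are. The only protocol visible in this hunk is `Http`; state in the PR description that these endpoints are needed over HTTP only, since the port and any further protocol blocks are outside the shown lines.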