From 339811b476a7491dc410cfd10e1b6f1932b677c4 Mon Sep 17 00:00:00 2001
From: CaMMeu <145769396+CaMMeu@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:19:07 +0200
Subject: [PATCH 1/4] added four domains to certificate verification rule
---
 main.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index caf7db6..d88fcba 100644
--- a/main.tf
+++ b/main.tf
@@ -153,7 +153,11 @@ resource "azurerm_firewall_policy_rule_collection_group" "this" {
 "*.root-c3-ca2-2009.ocsp.d-trust.net",
 "*.crl.microsoft.com",
 "*.oneocsp.microsoft.com",
- "*.ocsp.msocsp.com"
+ "*.ocsp.msocsp.com",
+ "cdp.geotrust.com",
+ "cacerts.geotrust.com",
+ "cacerts.digicert.com",
+ "status.geotrust.com"
 ]
 protocols {
 type = "Http"
From e7ff92551b92883a46cb5f030469e5a790fff26e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 24 Oct 2024 12:27:57 +0000
Subject: [PATCH 2/4] terraform-docs: automated action
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 329e13f..9d21bae 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ module "firewall_rules" {
 | [ipg\_platform\_id](#input\_ipg\_platform\_id) | IP ranges for the whole platform service, defined by the azure landing zone core modules. | `string` | n/a | yes |
 | [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the firewall policy and the azure firewall are located. | `string` | n/a | yes |
 | [stage](#input\_stage) | The stage that the resource is located in, e.g. prod, dev. | `string` | n/a | yes |
-| [bastion\_config](#input\_bastion\_config) |
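Review bot: The four added FQDNs carry no indication of why they belong in this certificate-verification rule, and the rationale was evidently unclear even to the author (the changelog in this series first attributes them to Entra Connect, then to Windows activation), so add a comment above `"cdp.geotrust.com"` such as `# DigiCert/GeoTrust AIA (cacerts.*), CRL (cdp.*) and OCSP (status.*) endpoints for Microsoft-issued certificate chains; see learn.microsoft.com/azure/security/fundamentals/azure-ca-details`. Plain `Http` is the right protocol here, since CRL and OCSP fetches are designed to run over HTTP so that revocation checking does not depend on a further TLS handshake, but the `protocols` block, including its port, continues outside the hunk, so confirm it stays pinned to 80 rather than being broadened. The referenced Microsoft page lists further CRL/OCSP distribution hosts for the same CA family; checking the rule against that full list would avoid adding hosts one at a time as validation failures surface. Unlike the existing wildcard entries, the new hosts are exact FQDNs, which is the tighter choice and worth keeping. The enclosing application rule and resource start and end outside the hunk.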
ipg_bastion_id: If the customer uses bastion, provide the bastion ip-group in this variable.
ipg_rdp_access_ids: If RDP access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via RDP.
ipg_ssh_access_ids: If SSH access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via SSH.
|
object({
ipg_bastion_id = string
ipg_rdp_access_ids = optional(list(string), [])
ipg_ssh_access_ids = optional(list(string), [])
})
| `null` | no | +| [bastion\_config](#input\_bastion\_config) |
ipg_bastion_id: If the customer uses bastion, provide the bastion ip-group in this variable.
ipg_rdp_access_ids: If RDP access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via RDP.
ipg_ssh_access_ids: If SSH access is needed, provide vm ip-groups in this variable. Every ip-group provided in this list, will be accessible by bastion via SSH.
|
object({
ipg_bastion_id = string
ipg_rdp_access_ids = optional(list(string), [])
ipg_ssh_access_ids = optional(list(string), [])
})
| `null` | no | | [firewall\_policy\_id](#input\_firewall\_policy\_id) | For testing use this | `string` | `null` | no | | [ipg\_azure\_dc\_id](#input\_ipg\_azure\_dc\_id) | The ip addresses of the domain controller located in azure. If the value is not provided, this network rule collection will not be created. | `string` | `null` | no | | [ipg\_dnsprivateresolver\_id](#input\_ipg\_dnsprivateresolver\_id) | The ip address of the private dns resolver inbound endpoint. If the value is not provided, this network rule collection will not be created | `string` | `null` | no | From 03ef49f8ac2de74389c58bdfd464b66f4b1db3fc Mon Sep 17 00:00:00 2001 From: CaMMeu <145769396+CaMMeu@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:37:55 +0200 Subject: [PATCH 3/4] update changelog version 2.1.2 --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ae48d8..4d45c7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ and this module adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0. ## [Unreleased] +## [2.1.2] - 2024-10-24 + +### Fixed +- allow `cdp.geotrust.com`, `cacerts.geotrust.com`, `cacerts.digicert.com` and `status.geotrust.com` for Entra connect + ## [2.1.1] - 2024-05-30 ### Fixed From c3b9bac25b86fbf22086b9614489b9c55443dd7c Mon Sep 17 00:00:00 2001 From: CaMMeu <145769396+CaMMeu@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:51:50 +0200 Subject: [PATCH 4/4] update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d45c7e..d2e57a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,7 +10,7 @@ and this module adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0. ## [2.1.2] - 2024-10-24 ### Fixed -- allow `cdp.geotrust.com`, `cacerts.geotrust.com`, `cacerts.digicert.com` and `status.geotrust.com` for Entra connect +- allow `cdp.geotrust.com`, `cacerts.geotrust.com`, `cacerts.digicert.com` and `status.geotrust.com` for windows activation based on [learn.microsoft.com](https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#public-key-encryption-and-signature-algorithms) ## [2.1.1] - 2024-05-30