Merge pull request #375 from smerle33/updatecli/public-db/vnet

chore(updatecli): add azure-public-db-vnet in the manifest and calcul netmask

updatecli/scripts/netmask.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+# Return netmask for a given network and CIDR.
+# Convert CIDR suffix to netmask
+cidr_to_netmask() {
+    local cidr=$1
+    local mask=(0 0 0 0)
+    for ((i=0; i<cidr; i++)); do
+        mask[i/8]=$((mask[i/8] + (1 << (7 - i % 8))))
+    done
+    echo "${mask[0]}.${mask[1]}.${mask[2]}.${mask[3]}"
+}
+# Extract IP address and CIDR suffix
+ip=$(cut -d'/' -f1 <<< "$1")
+suffix=$(cut -d'/' -f2 <<< "$1")
+
+# Convert CIDR suffix to netmask
+netmask=$(cidr_to_netmask "${suffix}")
+
+# echo result
+echo "${ip} ${netmask}"

updatecli/updatecli.d/restricted-ips.yaml

@@ -1,4 +1,4 @@
-name: Update list of IPs restricted to VPN access only
+name: Update list of IPs restricted to VPN access only & update vnets
 
 scms:
   default:
@@ -13,21 +13,38 @@ scms:
       branch: "{{ .github.branch }}"
 
 sources:
-  aws-ci-jenkins-io:
+  aws-ci-jenkins-io-cidr:
     kind: json
     spec:
       file: https://reports.jenkins.io/jenkins-infra-data-reports/aws-sponsorship.json
       # Outbound IPs are also public "inbound" IPs for EC2 instances
       # The 2nd element is the IPv4 (1st is IPv6)
       key: .aws\.ci\.jenkins\.io.outbound_ips.controller.[1]
+    transformers:
+      - addsuffix: '/32'
+  aws-ci-jenkins-io-netmask:
+    kind: shell
+    dependson:
+      - aws-ci-jenkins-io-cidr
+    spec:
+      command: bash ./updatecli/scripts/netmask.sh {{ source "aws-ci-jenkins-io-cidr" }}
+  azure-public-db-vnet-cidr:
+    kind: json
+    spec:
+      file: https://reports.jenkins.io/jenkins-infra-data-reports/azure-net.json
+      key: .vnets.public-db-vnet.[0]
+  azure-public-db-vnet-netmask:
+    kind: shell
+    dependson:
+      - azure-public-db-vnet-cidr
+    spec:
+      command: bash ./updatecli/scripts/netmask.sh {{ source "azure-public-db-vnet-cidr" }}
 
 targets:
   openvpn-cli-config:
     name: Update ci.jenkins.io public IP in the YAML configuration of our OpenVPN CLI
     kind: yaml
-    sourceid: aws-ci-jenkins-io
-    transformers:
-      - addsuffix: '/32'
+    sourceid: aws-ci-jenkins-io-cidr
     spec:
       file: config.yaml
       # That is a rather fragile pattern. TODO: improve our CLI to use maps instead of arrays
@@ -53,10 +70,41 @@ targets:
         - cert/ccd/private/wfollonier
       matchpattern: |
         # aws.ci.jenkins.io VM
-        push "route (.*) 255.255.255.255"
+        push "route (.*) 255\.255\..*\..*"
       replacepattern: |
         # aws.ci.jenkins.io VM
-        push "route {{ source "aws-ci-jenkins-io" }} 255.255.255.255"
+        push "route {{ source "aws-ci-jenkins-io-netmask" }}"
+    scmid: default
+  openvpn-cli-config-public-db-vnet:
+    name: Update public-db vnet IP in the YAML configuration of our OpenVPN CLI
+    kind: yaml
+    sourceid: azure-public-db-vnet-cidr
+    spec:
+      file: config.yaml
+      # That is a rather fragile pattern. TODO: improve our CLI to use maps instead of arrays
+      key: $.networks[0].routes[2]
+    scmid: default
+  ccd-user-configs-public-db-vnet:
+    name: Update public-db vnet IP in the user CCD routing configurations
+    kind: file
+    disablesourceinput: true
+    spec:
+      files:
+        - cert/ccd/private/danielbeck
+        - cert/ccd/private/dduportal
+        - cert/ccd/private/kevingrdj
+        - cert/ccd/private/krisstern
+        - cert/ccd/private/markewaite
+        - cert/ccd/private/notmyfault
+        - cert/ccd/private/smerle
+        - cert/ccd/private/timja
+        - cert/ccd/private/wfollonier
+      matchpattern: |
+        # public-db vnet
+        push "route (.*) 255\.255\..*\..*"
+      replacepattern: |
+        # public-db vnet
+        push "route {{ source "azure-public-db-vnet-netmask" }}"
     scmid: default
 
 actions: