Add the SSH security section to UI
This change adds the new section with new checkbox as a separate control instead of the toggleable section because of the description which should be available even if the section is disabled (default). DocImpact Change-Id: I34c9907d781b81253ed6942c67b16f8480de3bb5 Partial-Bug: #1419657 Signed-off-by: Maksim Malchuk <mmalchuk@mirantis.com>
This commit is contained in:
parent
e84303dc33
commit
38ec2bea08
|
@ -1352,6 +1352,35 @@
|
|||
restrictions:
|
||||
- condition: "settings:public_ssl.horizon.value == false and settings:public_ssl.services.value == false"
|
||||
action: "hide"
|
||||
ssh:
|
||||
metadata:
|
||||
label: "SSH security"
|
||||
weight: 120
|
||||
group: "security"
|
||||
toggleable: false
|
||||
enabled: true
|
||||
security_enabled:
|
||||
value: false
|
||||
label: "Restrict SSH service on network"
|
||||
description: |
|
||||
NOTE: When enabled, provide at least one working IP address (the Fuel Master node IP is already added).
|
||||
We recommend adding new addresses instead of replacing the provided Fuel Master node IP.
|
||||
When disabled (by default), the admin, management, and storage networks are only allowed to connect to the SSH service.
|
||||
weight: 10
|
||||
type: "checkbox"
|
||||
security_networks:
|
||||
value:
|
||||
- "{settings.MASTER_IP}"
|
||||
label: "Restrict access to"
|
||||
description: "IPv4/CIDR address"
|
||||
weight: 20
|
||||
type: "text_list"
|
||||
regex:
|
||||
source: &ipv4_cidr_regex '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$'
|
||||
error: "Invalid IPv4/CIDR address"
|
||||
restrictions:
|
||||
- condition: "settings:ssh.security_enabled.value == false"
|
||||
action: "hide"
|
||||
kernel_params:
|
||||
metadata:
|
||||
label: "Kernel parameters"
|
||||
|
|
|
@ -155,6 +155,11 @@ class InstallationInfo(object):
|
|||
'public_ssl_services', None),
|
||||
WhiteListRule(('public_ssl', 'cert_source', 'value'),
|
||||
'public_ssl_cert_source', None),
|
||||
|
||||
WhiteListRule(('ssh', 'security_enabled', 'value'),
|
||||
'security_enabled', bool),
|
||||
WhiteListRule(('ssh', 'security_networks', 'value'),
|
||||
'security_networks', None),
|
||||
)
|
||||
|
||||
vmware_attributes_white_list = (
|
||||
|
|
Loading…
Reference in New Issue