Migrating project to use groups in allowlist (#66)
* Updating generic service version to 2.8

* This PR migrates the project to use groups of IPs in their allowlist.

By referring to groups of IP addresses, we can centralize the definition of groups of IP addresses.
If these lists require changing in the future, we can change the definition once and future deploys across all services will automatically include these new IPs.

2 allowlist(s) have been detected that can be migrated.



## Allowlist: helm_deploy/values-preprod.yaml

### New Groups

The effect of applying this PR is as follows:

- The following groups will be applied: `internal,prisons,private_prisons,police`
- The size of the allowlist defined in this file will change: `87 => 5 (82 removed)`

### Added IPs

The new Group membership will result in the following IPs being added to your allowlist by applying this PR:


- police-nottinghamshire-1
- police-nottinghamshire-2
- police-nottinghamshire-3
- police-nottinghamshire-4

### Removed IPs

The following IPs have been identified as unnecessary and will be removed by applying this PR:


- quantum
- quantum_alt
- health-kick
- digitalprisons1
- digitalprisons2
- j5-phones-1
- j5-phones-2
- durham-tees-valley
- interservfls
- dxc_webproxy1
- dxc_webproxy2
- dxc_webproxy3
- dxc_webprox23
- crc-rrp
- crc-pp-wwm

## Allowlist: helm_deploy/values-prod.yaml

### New Groups

The effect of applying this PR is as follows:

- The following groups will be applied: `internal,prisons,private_prisons,police`
- The size of the allowlist defined in this file will change: `87 => 5 (82 removed)`

### Added IPs

The new Group membership will result in the following IPs being added to your allowlist by applying this PR:


- police-nottinghamshire-1
- police-nottinghamshire-2
- police-nottinghamshire-3
- police-nottinghamshire-4

### Removed IPs

The following IPs have been identified as unnecessary and will be removed by applying this PR:


- quantum
- quantum_alt
- health-kick
- digitalprisons1
- digitalprisons2
- j5-phones-1
- j5-phones-2
- durham-tees-valley
- interservfls
- dxc_webproxy1
- dxc_webproxy2
- dxc_webproxy3
- dxc_webprox23
- crc-rrp
- crc-pp-wwm

* Updating HMPPS circle orb version to 7
andrewrlee authored Nov 15, 2023
1 parent b76c7f6 commit d2d4531
Showing 4 changed files with 26 additions and 191 deletions.
8 changes: 5 additions & 3 deletions .circleci/config.yml
@@ -1,7 +1,7 @@
version: 2.1

orbs:
hmpps: ministryofjustice/hmpps@7.2.1
hmpps: ministryofjustice/hmpps@7
slack: circleci/slack@4.12.5

parameters:
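Review bot: The orb reference `hmpps: ministryofjustice/hmpps@7` replaces the exact pin `7.2.1` with a major-only reference, so changes published to the orb under 7.x reach this pipeline without any commit in this repository. The `slack` orb on the following line stays pinned at `4.12.5`. If floating on the major version is intended, say so in the commit message; otherwise keep an exact version and bump it deliberately.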
Expand Down Expand Up @@ -43,7 +43,8 @@ jobs:
- run:
command: |
npm run build
- run: # Run linter after build because the integration test code depend on compiled typescript...
- run:
# Run linter after build because the integration test code depend on compiled typescript...
name: Linter check
command: npm run lint
- persist_to_workspace:
Expand Down Expand Up @@ -86,7 +87,8 @@ jobs:
key: dependency-cache-{{ checksum "package-lock.json" }}
- run:
name: Get wiremock
command: curl -o wiremock.jar https://repo1.maven.org/maven2/com/github/tomakehurst/wiremock-standalone/2.27.1/wiremock-standalone-2.27.1.jar
command: curl -o wiremock.jar
https://repo1.maven.org/maven2/com/github/tomakehurst/wiremock-standalone/2.27.1/wiremock-standalone-2.27.1.jar
- run:
name: Run wiremock
command: java -jar wiremock.jar --port 9091
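Review bot: In the `Get wiremock` step, the `command:` value now continues onto a second line as a plain scalar, which only works because YAML folds that line break into a space; a folded block scalar (`command: >-`) would make the intent explicit and survive re-indentation. While this line is being touched: the jar is fetched with `curl -o` without `--fail` and with no checksum comparison, and the next step runs it directly with `java -jar wiremock.jar`, so a failed or altered download is not detected first. Adding `--fail` and a SHA-256 check against a value kept in the repository would close that.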
2 changes: 1 addition & 1 deletion helm_deploy/hmpps-digital-prison-services/Chart.yaml
Expand Up @@ -5,7 +5,7 @@ name: hmpps-digital-prison-services
version: 0.2.0
dependencies:
- name: generic-service
version: 2.6.3
version: "2.8"
repository: https://ministryofjustice.github.io/hmpps-helm-charts
- name: generic-prometheus-alerts
version: 1.3.2
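Review bot: `version: "2.8"` for `generic-service` is a partial version where the old line had the exact `2.6.3`, so which chart release gets pulled is decided when dependencies are resolved rather than by this file. If the allowlist group definitions ship with this chart, the resolved release also decides which addresses each group expands to. Confirm that a lock file fixes the resolved version for each deploy, or pin the full x.y.z. `generic-prometheus-alerts` below remains at an exact `1.3.2`.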
104 changes: 10 additions & 94 deletions helm_deploy/values-preprod.yaml
@@ -1,4 +1,3 @@
---
# Per environment values which override defaults in hmpps-digital-prison-services/values.yaml

generic-service:
Expand Down Expand Up @@ -77,99 +76,16 @@ generic-service:
COMPONENT_API_LATEST: true

allowlist:
office: "217.33.148.210/32"
quantum: "62.25.109.197/32"
petty-france-wifi: "213.121.161.112/28"
global-protect: "35.176.93.186/32"
quantum_alt: "212.137.36.230/32"
health-kick: "35.177.252.195/32"
digitalprisons1: "52.56.112.98/32"
digitalprisons2: "52.56.118.154/32"
mojvpn: "81.134.202.29/32"
j5-phones-1: "35.177.125.252/32"
j5-phones-2: "35.177.137.160/32"
sodexo-northumberland: "88.98.48.10/32"
sodexo-northumberland2: "51.148.47.137/32"
sodoxeo-forest-bank: "51.155.85.249/32"
sodexo-peterborough: "51.155.55.241/32"
serco: "217.22.14.0/24"
ark-nps-hmcts-ttp1: "195.59.75.0/24"
ark-nps-hmcts-ttp2: "194.33.192.0/25"
ark-nps-hmcts-ttp3: "194.33.193.0/25"
ark-nps-hmcts-ttp4: "194.33.196.0/25"
ark-nps-hmcts-ttp5: "194.33.197.0/25"
oakwood-01: "217.161.76.184/29"
oakwood-02: "217.161.76.192/29"
oakwood-1: "217.161.76.187/32"
oakwood-2: "217.161.76.195/32"
oakwood-3: "217.161.76.186/32"
oakwood-4: "217.161.76.194/32"
durham-tees-valley: "51.179.197.1/32"
interservfls: "51.179.196.131/32"
sodexo1: "80.86.46.16/32"
sodexo2: "80.86.46.17/32"
sodexo3: "80.86.46.18/32"
sodexo4: "51.148.9.201"
cloudplatform-live1-1: "35.178.209.113/32"
cloudplatform-live1-2: "3.8.51.207/32"
cloudplatform-live1-3: "35.177.252.54/32"
dxc_webproxy1: "195.92.38.20/32"
dxc_webproxy2: "195.92.38.21/32"
dxc_webproxy3: "195.92.38.22/32"
dxc_webprox23: "195.92.38.23/32"
moj-official-tgw-prod: "51.149.250.0/24"
moj-official-tgw-preprod: "51.149.251.0/24"
crc-rrp: "62.253.83.37/32"
crc-pp-wwm: "5.153.255.210/32"
moj-official-ark-c-expo-e: "51.149.249.0/29"
moj-official-ark-c-vodafone: "194.33.248.0/29"
moj-official-ark-f-vodafone: "194.33.249.0/29"
moj-official-ark-f-expo-e: "51.149.249.32/29"
met-police-talktalk-vpn-1: "212.139.143.66/32"
met-police-talktalk-vpn-2: "212.74.97.221/32"
met-police-vodafone-1: "195.27.18.79/32"
met-police-vodafone-2: "195.27.18.110/32"
met-police-vodafone-3: "195.80.67.207/32"
police-1: "81.144.174.115/32"
police-2: "81.144.241.238/32"
police-3: "62.252.202.50/32"
police-4-1: "80.194.71.100/32"
police-4-2: "82.33.248.165/32"
police-5: "52.56.62.0/24"
police-6: "80.193.134.32/32"
police-7: "195.92.38.21/32"
police-8: "80.193.128.200/32"
police-9: "194.73.161.50/32"
police-10: "165.225.81.49/32"
police-11: "195.89.175.213/32"
police-12: "195.89.175.229/32"
police-northants-1: "212.250.136.96/27"
police-northants-2: "213.106.80.32/27"
police-west-york-1: "195.188.22.0/27"
police-west-york-2: "195.188.22.128/27"
police-west-york-3: "195.89.14.37"
police-west-york-4: "195.27.188.37"
police-south-york-public: "80.193.114.10"
police-south-york-mossway: "51.231.157.126"
police-south-york-atlas: "51.231.157.222"
police-humberside-public: "80.100.176.162"
police-humberside-priory: "51.231.157.226"
sscl-blackpool: "31.121.5.27"
sscl-azure: "51.142.106.199"
sscl-york: "62.6.61.29"
sscl-newcastle: "62.172.79.105"
sscl-newport: "217.38.237.212"
fivewells-1: "20.49.214.199/32"
fivewells-2: "20.49.214.228/32"
fivewells-3: "195.89.157.56/29"
fivewells-4: "195.59.215.184/29"
fivewells-5: "51.149.250.0/24"
fivewells-6: "51.149.249.0/29"
fivewells-7: "194.33.249.0/29"
fivewells-8: "51.149.249.32/29"
fivewells-9: "194.33.248.0/29"
azure-landing-zone-public-egress-1: "20.26.11.71/32"
azure-landing-zone-public-egress-2: "20.26.11.108/32"
sscl-blackpool: 31.121.5.27/32
sscl-azure: 51.142.106.199/32
sscl-york: 62.6.61.29/32
sscl-newcastle: 62.172.79.105/32
sscl-newport: 217.38.237.212/32
groups:
- internal
- prisons
- private_prisons
- police

generic-prometheus-alerts:
alertSeverity: hmpps-digital-prison-services-non-prod
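Review bot: The `groups:` list (`internal`, `prisons`, `private_prisons`, `police`) replaces 82 named entries, and the addresses behind those groups are not visible anywhere in this diff, so the resulting allowlist cannot be checked from the hunk alone. Render the chart before and after and attach the diff of the effective allowlist to the PR. One case to check specifically: the commit message lists `dxc_webproxy2` as unnecessary and removed, but the deleted `police-7` entry carried the same address (`195.92.38.21/32`), so if the `police` group still includes it that source stays allowed.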
103 changes: 10 additions & 93 deletions helm_deploy/values-prod.yaml
Expand Up @@ -80,99 +80,16 @@ generic-service:
COMPONENT_API_LATEST: false

allowlist:
office: "217.33.148.210/32"
quantum: "62.25.109.197/32"
petty-france-wifi: "213.121.161.112/28"
global-protect: "35.176.93.186/32"
quantum_alt: "212.137.36.230/32"
health-kick: "35.177.252.195/32"
digitalprisons1: "52.56.112.98/32"
digitalprisons2: "52.56.118.154/32"
mojvpn: "81.134.202.29/32"
j5-phones-1: "35.177.125.252/32"
j5-phones-2: "35.177.137.160/32"
sodexo-northumberland: "88.98.48.10/32"
sodexo-northumberland2: "51.148.47.137/32"
sodoxeo-forest-bank: "51.155.85.249/32"
sodexo-peterborough: "51.155.55.241/32"
serco: "217.22.14.0/24"
ark-nps-hmcts-ttp1: "195.59.75.0/24"
ark-nps-hmcts-ttp2: "194.33.192.0/25"
ark-nps-hmcts-ttp3: "194.33.193.0/25"
ark-nps-hmcts-ttp4: "194.33.196.0/25"
ark-nps-hmcts-ttp5: "194.33.197.0/25"
oakwood-01: "217.161.76.184/29"
oakwood-02: "217.161.76.192/29"
oakwood-1: "217.161.76.187/32"
oakwood-2: "217.161.76.195/32"
oakwood-3: "217.161.76.186/32"
oakwood-4: "217.161.76.194/32"
durham-tees-valley: "51.179.197.1/32"
interservfls: "51.179.196.131/32"
sodexo1: "80.86.46.16/32"
sodexo2: "80.86.46.17/32"
sodexo3: "80.86.46.18/32"
sodexo4: "51.148.9.201"
cloudplatform-live1-1: "35.178.209.113/32"
cloudplatform-live1-2: "3.8.51.207/32"
cloudplatform-live1-3: "35.177.252.54/32"
dxc_webproxy1: "195.92.38.20/32"
dxc_webproxy2: "195.92.38.21/32"
dxc_webproxy3: "195.92.38.22/32"
dxc_webprox23: "195.92.38.23/32"
moj-official-tgw-prod: "51.149.250.0/24"
moj-official-tgw-preprod: "51.149.251.0/24"
crc-rrp: "62.253.83.37/32"
crc-pp-wwm: "5.153.255.210/32"
moj-official-ark-c-expo-e: "51.149.249.0/29"
moj-official-ark-c-vodafone: "194.33.248.0/29"
moj-official-ark-f-vodafone: "194.33.249.0/29"
moj-official-ark-f-expo-e: "51.149.249.32/29"
met-police-talktalk-vpn-1: "212.139.143.66/32"
met-police-talktalk-vpn-2: "212.74.97.221/32"
met-police-vodafone-1: "195.27.18.79/32"
met-police-vodafone-2: "195.27.18.110/32"
met-police-vodafone-3: "195.80.67.207/32"
police-1: "81.144.174.115/32"
police-2: "81.144.241.238/32"
police-3: "62.252.202.50/32"
police-4-1: "80.194.71.100/32"
police-4-2: "82.33.248.165/32"
police-5: "52.56.62.0/24"
police-6: "80.193.134.32/32"
police-7: "195.92.38.21/32"
police-8: "80.193.128.200/32"
police-9: "194.73.161.50/32"
police-10: "165.225.81.49/32"
police-11: "195.89.175.213/32"
police-12: "195.89.175.229/32"
police-northants-1: "212.250.136.96/27"
police-northants-2: "213.106.80.32/27"
police-west-york-1: "195.188.22.0/27"
police-west-york-2: "195.188.22.128/27"
police-west-york-3: "195.89.14.37"
police-west-york-4: "195.27.188.37"
police-south-york-public: "80.193.114.10"
police-south-york-mossway: "51.231.157.126"
police-south-york-atlas: "51.231.157.222"
police-humberside-public: "80.100.176.162"
police-humberside-priory: "51.231.157.226"
sscl-blackpool: "31.121.5.27"
sscl-azure: "51.142.106.199"
sscl-york: "62.6.61.29"
sscl-newcastle: "62.172.79.105"
sscl-newport: "217.38.237.212"
fivewells-1: "20.49.214.199/32"
fivewells-2: "20.49.214.228/32"
fivewells-3: "195.89.157.56/29"
fivewells-4: "195.59.215.184/29"
fivewells-5: "51.149.250.0/24"
fivewells-6: "51.149.249.0/29"
fivewells-7: "194.33.249.0/29"
fivewells-8: "51.149.249.32/29"
fivewells-9: "194.33.248.0/29"
azure-landing-zone-public-egress-1: "20.26.11.71/32"
azure-landing-zone-public-egress-2: "20.26.11.108/32"
sscl-blackpool: 31.121.5.27/32
sscl-azure: 51.142.106.199/32
sscl-york: 62.6.61.29/32
sscl-newcastle: 62.172.79.105/32
sscl-newport: 217.38.237.212/32
groups:
- internal
- prisons
- private_prisons
- police

generic-prometheus-alerts:
alertSeverity: hmpps-digital-prison-services-prod
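Review bot: This is the production allowlist, and after this hunk its contents depend on group definitions maintained outside this repository: the commit message already reports four `police-nottinghamshire-*` entries being added through group membership, and later additions will arrive on deploy without a change to this file. Record in the PR which version of the group definitions was reviewed, and confirm the preprod deploy with the same values behaved as expected before this reaches prod. The five `sscl-*` entries kept inline now carry an explicit `/32`, which is an improvement over the bare addresses they replace.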

0 comments on commit d2d4531