Merge remote-tracking branch 'origin/block-egress' into snapshot-restore

Author: ppiwowa-csco

roles/aws_controllers/defaults/main.yml

@@ -32,6 +32,7 @@ vbond_port: 12346
 default_vbond_ip: 192.168.1.199  # default ips from official Cisco guides
 ipv6_strict_control: true
 # vpn0_interface_color: default
+aws_sg_block_egress: false
 
 
 ###############################

roles/aws_controllers/tasks/aws_vbond_ec2_instance.yml

@@ -197,10 +197,6 @@
     purge_rules_egress: false
     rules: "{{ sg_rules_vbond }}"
     rules_egress: "{{ sg_rules_vbond if aws_sg_block_egress else [] }}"
-  register: allow_traffic
-  retries: 3
-  delay: 3
-  until: allow_traffic is succeeded
   vars:
     sg_rules_vbond:
       - proto: all
@@ -215,6 +211,10 @@
       - proto: all
         cidr_ipv6: "{{ instance.transport_public_ipv6 }}/128"
         rule_desc: "{{ hostname }} - transport IPv6 (VPN 0)"
+  register: allow_traffic
+  retries: 3
+  delay: 3
+  until: allow_traffic is succeeded
 
 - name: Create record in internal DNS zone
   amazon.aws.route53:

roles/azure_controllers/defaults/main.yml

@@ -55,7 +55,7 @@ az_subnets: |
 
 # Security group
 az_network_security_group: "{{ az_resources_prefix }}-nsg"
-az_nsg_block_edgess: false
+az_nsg_block_egress: false
 
 
 # Private DNS zone

roles/azure_controllers/tasks/azure_vbond_vm.yml

@@ -57,7 +57,7 @@
   azure.azcollection.azure_rm_securitygroup:
     resource_group: "{{ az_resource_group }}"
     name: "{{ az_network_security_group }}"
-    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_edgess else [inbound_rule] }}"
+    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_egress else [inbound_rule] }}"
     tags:
       Name: "{{ az_network_security_group }}"
       Creator: "{{ az_tag_creator }}"

roles/azure_controllers/tasks/azure_vmanage_vm.yml

@@ -60,7 +60,7 @@
   azure.azcollection.azure_rm_securitygroup:
     resource_group: "{{ az_resource_group }}"
     name: "{{ az_network_security_group }}"
-    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_edgess else [inbound_rule] }}"
+    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_egress else [inbound_rule] }}"
     tags:
       Name: "{{ az_network_security_group }}"
       Creator: "{{ az_tag_creator }}"
@@ -159,7 +159,7 @@
   azure.azcollection.azure_rm_securitygroup:
     resource_group: "{{ az_resource_group }}"
     name: "{{ az_network_security_group }}"
-    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_edgess else [inbound_rule] }}"
+    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_egress else [inbound_rule] }}"
     tags:
       Name: "{{ az_network_security_group }}"
       Creator: "{{ az_tag_creator }}"

roles/azure_controllers/tasks/azure_vsmart_vm.yml

@@ -57,7 +57,7 @@
   azure.azcollection.azure_rm_securitygroup:
     resource_group: "{{ az_resource_group }}"
     name: "{{ az_network_security_group }}"
-    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_edgess else [inbound_rule] }}"
+    rules: "{{ [inbound_rule, outbound_rule] if az_nsg_block_egress else [inbound_rule] }}"
     tags:
       Name: "{{ az_network_security_group }}"
       Creator: "{{ az_tag_creator }}"

roles/azure_network_infrastructure/defaults/main.yml

@@ -58,7 +58,7 @@ az_subnets: |
 
 # Security group
 az_network_security_group: "{{ az_resources_prefix }}-nsg"
-az_nsg_block_edgess: false
+az_nsg_block_egress: false
 
 
 # Private DNS zone

roles/azure_network_infrastructure/tasks/azure_network_infrastructure.yml

@@ -124,7 +124,7 @@
       Name: "{{ az_network_security_group }}"
       Creator: "{{ az_tag_creator }}"
       Organization: "{{ organization_name }}"
-  when: az_nsg_block_edgess
+  when: az_nsg_block_egress
 
 - name: Create a private DNS zone
   azure.azcollection.azure_rm_privatednszone: