Securing packer builds via allowed_inbound_ip_addresses (#3193)

* Trying to handover additional parameters * Make restriction to agent ip configurable * Added additional parameter to all other packer files * Added note about new parameter's incompatibility with other parameters to command line help * Added line break for better readability Co-authored-by: Mikhail Timofeev <48208649+miketimofeev@users.noreply.github.com> Co-authored-by: Mikhail Timofeev <48208649+miketimofeev@users.noreply.github.com>
2026-01-06 18:19:54 +08:00 · 2021-05-04 20:39:55 +12:00
parent c2a2904e48
commit f109d39c83
6 changed files with 22 additions and 0 deletions
--- a/images/linux/ubuntu1604.json
+++ b/images/linux/ubuntu1604.json
@@ -12,6 +12,7 @@
        "virtual_network_resource_group_name": "{{env `VNET_RESOURCE_GROUP`}}",
        "virtual_network_subnet_name": "{{env `VNET_SUBNET`}}",
        "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
+        "allowed_inbound_ip_addresses": "{{env `AGENT_IP`}}",
        "image_folder": "/imagegeneration",
        "imagedata_file": "/imagegeneration/imagedata.json",
        "installer_script_folder": "/imagegeneration/installers",
@@ -45,6 +46,7 @@
            "virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}",
            "virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}",
            "private_virtual_network_with_public_ip": "{{user `private_virtual_network_with_public_ip`}}",
+            "allowed_inbound_ip_addresses": "{{user `allowed_inbound_ip_addresses`}}",
            "os_type": "Linux",
            "image_publisher": "Canonical",
            "image_offer": "UbuntuServer",
--- a/images/linux/ubuntu1804.json
+++ b/images/linux/ubuntu1804.json
@@ -12,6 +12,7 @@
        "virtual_network_resource_group_name": "{{env `VNET_RESOURCE_GROUP`}}",
        "virtual_network_subnet_name": "{{env `VNET_SUBNET`}}",
        "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
+        "allowed_inbound_ip_addresses": "{{env `AGENT_IP`}}",
        "image_folder": "/imagegeneration",
        "imagedata_file": "/imagegeneration/imagedata.json",
        "installer_script_folder": "/imagegeneration/installers",
@@ -45,6 +46,7 @@
            "virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}",
            "virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}",
            "private_virtual_network_with_public_ip": "{{user `private_virtual_network_with_public_ip`}}",
+            "allowed_inbound_ip_addresses": "{{user `allowed_inbound_ip_addresses`}}",
            "os_type": "Linux",
            "image_publisher": "Canonical",
            "image_offer": "UbuntuServer",
--- a/images/linux/ubuntu2004.json
+++ b/images/linux/ubuntu2004.json
@@ -12,6 +12,7 @@
        "virtual_network_resource_group_name": "{{env `VNET_RESOURCE_GROUP`}}",
        "virtual_network_subnet_name": "{{env `VNET_SUBNET`}}",
        "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
+        "allowed_inbound_ip_addresses": "{{env `AGENT_IP`}}",
        "image_folder": "/imagegeneration",
        "imagedata_file": "/imagegeneration/imagedata.json",
        "installer_script_folder": "/imagegeneration/installers",
@@ -45,6 +46,7 @@
            "virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}",
            "virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}",
            "private_virtual_network_with_public_ip": "{{user `private_virtual_network_with_public_ip`}}",
+            "allowed_inbound_ip_addresses": "{{user `allowed_inbound_ip_addresses`}}",
            "os_type": "Linux",
            "image_publisher": "canonical",
            "image_offer": "0001-com-ubuntu-server-focal",