oos-templates/PublicTemplates/JSON/ACS-MongoDB-ModifyAccessWhiteList.json at master · aliyun/oos-templates · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
{
  "FormatVersion": "OOS-2019-06-01",
  "Description": {
    "en": "Modify mongoDB instance ip whitelist",
    "zh-cn": "删除mongoDB集群IP白名单中的0.0.0.0/0",
    "name-en": "ACS-MongoDB-ModifyAccessWhiteList",
    "name-zh-cn": "删除mongoDB集群IP白名单中的0.0.0.0/0",
    "categories": [
      "security"
    ]
  },
  "Tasks": [
    {
      "Name": "describeSecurityIps",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "en": "Describes the whitelist",
        "zh-cn": "获取白名单信息"
      },
      "Properties": {
        "Service": "dds",
        "API": "DescribeSecurityIps",
        "Parameters": {
          "DBInstanceId": "{{ dbInstanceId }}",
          "regionId": "{{ regionId }}"
        }
      },
      "Outputs": {
        "securityIpGroups": {
          "Type": "List",
          "ValueSelector": ".SecurityIpGroups.SecurityIpGroup[] | select(.SecurityIpList | contains(\"0.0.0.0/0\")) | {\"SecurityIpList\": .SecurityIpList, \"SecurityIpGroupName\": .SecurityIpGroupName}"
        }
      }
    },
    {
      "Name": "deleteIpFromWhitelist",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "en": "Delete ipaddress from whitelist",
        "zh-cn": "从白名单删除IP"
      },
      "Properties": {
        "Service": "dds",
        "API": "ModifySecurityIps",
        "Parameters": {
          "regionId": "{{ regionId }}",
          "DBInstanceId": "{{ dbInstanceId }}",
          "ModifyMode": "Delete",
          "SecurityIps": "{{ securityIp }}",
          "SecurityIpGroupName": {
            "Fn::Select": [
              "SecurityIpGroupName",
              "{{ ACS::TaskLoopItem }}"
            ]
          }
        }
      },
      "Outputs": {},
      "Loop": {
        "Items": "{{ describeSecurityIps.securityIpGroups }}",
        "RateControl": {
          "Mode": "Concurrency",
          "MaxErrors": 0,
          "Concurrency": 1
        },
        "Outputs": {}
      }
    }
  ],
  "Parameters": {
    "dbInstanceId": {
      "Label": {
        "en": "mongodbInstanceId",
        "zh-cn": "mongoDB集群ID"
      },
      "Type": "String"
    },
    "securityIp": {
      "Label": {
        "en": "SecurityIp",
        "zh-cn": "待删除的ip"
      },
      "Type": "String",
      "Default": "0.0.0.0/0"
    },
    "regionId": {
      "Label": {
        "en": "RegionId",
        "zh-cn": "地域ID"
      },
      "Type": "String",
      "AssociationProperty": "RegionId",
      "Default": "{{ ACS::RegionId }}"
    },
    "OOSAssumeRole": {
      "Label": {
        "en": "OOSAssumeRole",
        "zh-cn": "OOS扮演的RAM角色"
      },
      "Type": "String",
      "Default": ""
    }
  },
  "RamRole": "{{ OOSAssumeRole }}"
}