We tried to whitelist domains only for specific IP addresses. Given the large number of domains and IP addresses, we aimed to make the configuration more readable and manageable by separating the lists into different files using the YAML lookup method as shown below:
- name: domains-ip-restriction
  when:
    allOf:
      - reqProperty: domain
        in: "{{ lookup('file', 'restricted_domains.yaml') }}"
      - reqProperty: clientIp
        notIn: "{{ lookup('file', 'whitelisted_ips.yaml') }}"
  action:
    type: block
restricted_domains.yaml:
- dev.domain1.com
- dev.domain2.com
whitelisted_ips.yaml:
- 172.143.23.10/32
However, the config pipeline failed with the following error logs:
2024-09-24T18:22:28+0000 Summary of events during the deployment step:
2024-09-24T18:22:28+0000 Begin deployment in sites-dev [CorrelationId: XXX]
2024-09-24T18:23:15+0000 Config Pipeline update status is failed
2024-09-24T18:23:15+0000 Error details are present:
2024-09-24T18:23:15+0000 Could not parse yaml file in 'restricted_domains.yaml'. Please check that you are using valid YAML syntax and check the documentation
2024-09-24T18:23:15+0000 Finished deployment in aaaem-sites-dev
We are aware that IP Allowlist can be configured via Cloud Manager for restricted websites. However, in our case, some domains need to be publicly accessible, which is why we are using this approach with CDN configuration.
Any suggestions on how to proceed with separate files for the IPs and domain lists, or is the only approach to duplicate these lists directly in the cdn.yaml file?
Hi @Mahedi_Sabuj ,
Have you tried to inline the lists directly in the YAML file and check if the build runs fine? This is to rule out any lookup file issue.
- name: domains-ip-restriction
  when:
    allOf:
      - reqProperty: domain
        in: ["dev.domain1.com", "dev.domain2.com"]
      - reqProperty: clientIp
        notIn: ["172.143.23.10/32"]
  action:
    type: block
Thanks,
Somen
Inline config works fine, but we prefer managing IP addresses in a separate file for better reusability across different rules. This approach allows us to use the same IP addresses in multiple rules without duplication.
In this case, the issue can be in the format of the lookup file that you are trying to attach, or the pipeline script might have some specific conditions that it checks. As per the current documentation, every YAML file has a common syntax like below.
kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
As you are passing a YAML file, what changes were done to pass the list as an array to the required property field? In the publicly available documentation, I don't see any option to append a lookup file or a valid "kind" type for lookup. I suggest raising an Adobe support ticket to get further inputs from the engineering team.
Thanks,
Somen
I have already raised a ticket with the Adobe Support team and am awaiting their response. Thanks.
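Since the inline form is the one confirmed to work in this thread, one workaround is to keep the lists in separate files and render the inline rule in a build step before the config pipeline runs. The script below is an added example, not code from the posters or from Adobe; the function names, the flat `- item` file format and the `/24` minimum-prefix policy are assumptions.

```python
import ipaddress
import re
# Constructed sample list files mirroring the two files in the question.
SAMPLE_DOMAINS = "- dev.domain1.com\n- dev.domain2.com\n"
SAMPLE_IPS = "- 172.143.23.10/32\n"
HOSTNAME = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def read_list(text):
    """Parse a flat '- item' list; anything else fails the build early."""
    items = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if not line.startswith("- "):
            raise ValueError(f"line {n}: expected '- item', got {line!r}")
        items.append(line[2:].strip().strip("\"'"))
    return items

def check_domains(domains):
    for d in domains:
        if not HOSTNAME.match(d.lower()):
            raise ValueError(f"not a hostname: {d!r}")
    return domains

def check_cidrs(cidrs, min_prefix=24):
    """Reject typos and over-broad IPv4 ranges (min_prefix is an assumed policy)."""
    out = []
    for c in cidrs:
        net = ipaddress.ip_network(c, strict=True)  # ValueError if host bits set
        if net.version == 4 and net.prefixlen < min_prefix:
            raise ValueError(f"{c}: broader than /{min_prefix}")
        out.append(str(net))
    return out

def render_rule(name, domains, cidrs):
    def q(xs): return "[" + ", ".join(f'"{x}"' for x in xs) + "]"
    return (f"- name: {name}\n  when:\n    allOf:\n"
            f"      - reqProperty: domain\n        in: {q(domains)}\n"
            f"      - reqProperty: clientIp\n        notIn: {q(cidrs)}\n"
            "  action:\n    type: block\n")

def build(domains_text=SAMPLE_DOMAINS, ips_text=SAMPLE_IPS):
    return render_rule("domains-ip-restriction",
                       check_domains(read_list(domains_text)),
                       check_cidrs(read_list(ips_text)))

if __name__ == "__main__":
    print(build())
```

Failing the build on a malformed or over-broad allowlist entry matters here because the list feeds a `notIn` condition: a bad entry either exempts more clients than intended from the block or fails the deployment.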