feat: deploy NC01 Sub2API target
Pipelines as Code CI / hwlab-web-probe-sentinel-nc01- Success

This commit is contained in:
Codex
2026-07-09 13:16:58 +02:00
parent 21935e7319
commit 8347d5ed1b
17 changed files with 483 additions and 37 deletions
+16 -1
View File
@@ -14,7 +14,11 @@ export interface UniDeskConfig {
database: { port: number; containerPort: number };
providerIngress: { port: number; containerPort: number };
providerData: { port: number; containerPort: number };
restrictedHostAccess?: { bindHost: string; allowedSourceCidrs: string[] };
restrictedHostAccess?: {
bindHost: string;
allowedSourceCidrs: string[];
allowedForwardRules: Array<{ id: string; sourceCidr: string; destinationCidr: string; port: number; purpose: string }>;
};
};
auth: { username: string; password: string; sessionSecret: string; sessionTtlSeconds: number };
database: { user: string; password: string; name: string; volume: string; volumeSize: string };
@@ -181,9 +185,20 @@ function optionalRestrictedHostAccess(network: Record<string, unknown>): UniDesk
const record = asRecord(value, "network.restrictedHostAccess");
const allowedSourceCidrs = stringArrayField(record, "allowedSourceCidrs", "network.restrictedHostAccess");
if (allowedSourceCidrs.length === 0) throw new Error("network.restrictedHostAccess.allowedSourceCidrs must not be empty");
const allowedForwardRules = optionalArray(record.allowedForwardRules, "network.restrictedHostAccess.allowedForwardRules").map((item, index) => {
const path = `network.restrictedHostAccess.allowedForwardRules[${index}]`;
return {
id: stringField(item, "id", path),
sourceCidr: stringField(item, "sourceCidr", path),
destinationCidr: stringField(item, "destinationCidr", path),
port: numberField(item, "port", path),
purpose: stringField(item, "purpose", path),
};
});
return {
bindHost: stringField(record, "bindHost", "network.restrictedHostAccess"),
allowedSourceCidrs,
allowedForwardRules,
};
}