Merge pull request #10704 from hashicorp/e2e-terraform-tweaks-20210604

e2e terraform tweaks: 2021-06 edition
hashicorp · Jun 4, 2021 · 7e19e27 · 7e19e27
2 parents 52e73c1 + 9c8f762
commit 7e19e27
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 35 deletions.
diff --git a/e2e/terraform/.terraform.lock.hcl b/e2e/terraform/.terraform.lock.hcl
diff --git a/e2e/terraform/network.tf b/e2e/terraform/network.tf
@@ -7,6 +7,14 @@ data "aws_subnet" "default" {
   vpc_id            = data.aws_vpc.default.id
 }
 
+data "http" "my_public_ipv4" {
+  url = "https://ipv4.icanhazip.com"
+}
+
+locals {
+  ingress_cidr = var.restrict_ingress_cidrblock ? "${chomp(data.http.my_public_ipv4.body)}/32" : "0.0.0.0/0"
+}
+
 resource "aws_security_group" "primary" {
   name   = local.random_name
   vpc_id = data.aws_vpc.default.id
@@ -15,63 +23,39 @@ resource "aws_security_group" "primary" {
     from_port   = 22
     to_port     = 22
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = [local.ingress_cidr]
   }
 
   # Nomad
   ingress {
     from_port   = 4646
     to_port     = 4646
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = [local.ingress_cidr]
   }
 
   # Fabio
   ingress {
     from_port   = 9998
     to_port     = 9999
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = [local.ingress_cidr]
   }
 
   # Consul
   ingress {
     from_port   = 8500
     to_port     = 8500
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = [local.ingress_cidr]
   }
 
   # Vault
   ingress {
     from_port   = 8200
     to_port     = 8200
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # HDFS NameNode UI
-  ingress {
-    from_port   = 50070
-    to_port     = 50070
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # HDFS DataNode UI
-  ingress {
-    from_port   = 50075
-    to_port     = 50075
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # Spark history server UI
-  ingress {
-    from_port   = 18080
-    to_port     = 18080
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = [local.ingress_cidr]
   }
 
   ingress {

diff --git a/e2e/terraform/nomad.tf b/e2e/terraform/nomad.tf
@@ -19,6 +19,8 @@ module "nomad_server" {
 
   nomad_local_binary = count.index < length(var.nomad_local_binary_server) ? var.nomad_local_binary_server[count.index] : var.nomad_local_binary
 
+  nomad_url = count.index < length(var.nomad_url_server) ? var.nomad_url_server[count.index] : var.nomad_url
+
   nomad_enterprise = var.nomad_enterprise
   nomad_license    = var.nomad_license
   nomad_acls       = var.nomad_acls
@@ -56,6 +58,8 @@ module "nomad_client_ubuntu_bionic_amd64" {
 
   nomad_local_binary = count.index < length(var.nomad_local_binary_client_ubuntu_bionic_amd64) ? var.nomad_local_binary_client_ubuntu_bionic_amd64[count.index] : var.nomad_local_binary
 
+  nomad_url = count.index < length(var.nomad_url_client_ubuntu_bionic_amd64) ? var.nomad_url_client_ubuntu_bionic_amd64[count.index] : var.nomad_url
+
   nomad_enterprise = var.nomad_enterprise
   nomad_acls       = false
   cluster_name     = local.random_name

diff --git a/e2e/terraform/packer/ubuntu-bionic-amd64/provision.sh b/e2e/terraform/packer/ubuntu-bionic-amd64/provision.sh
@@ -11,6 +11,7 @@ Options (use one of the following):
  --nomad_sha SHA          full git sha to install from S3
  --nomad_version VERSION  release version number (ex. 0.12.4+ent)
  --nomad_binary FILEPATH  path to file on host
+ --nomad_url URL          url to nomad binary archive
 
 Options for configuration:
  --config_profile FILEPATH  path to config profile directory
@@ -76,12 +77,6 @@ install_from_release() {
 }
 
 install_from_url() {
-    # check that we don't already have this version
-    if [ "$(command -v nomad)" ]; then
-        nomad -version | grep -v 'dev' | grep -q "${NOMAD_VERSION}" \
-            && echo "$NOMAD_VERSION already installed" && return
-    fi
-
     case "${NOMAD_URL}" in
         *.zip*)
             curl -sL --fail -o /tmp/nomad.zip "$NOMAD_URL"

diff --git a/e2e/terraform/variables.tf b/e2e/terraform/variables.tf
@@ -54,6 +54,12 @@ variable "profile" {
   default     = ""
 }
 
+variable "restrict_ingress_cidrblock" {
+  description = "Restrict ingress traffic to cluster to invoker ip address"
+  type        = bool
+  default     = true
+}
+
 # ----------------------------------------
 # The specific version of Nomad deployed will default to whichever one of
 # nomad_sha, nomad_version, or nomad_local_binary is set