Skip to content
This repository has been archived by the owner on Jan 25, 2023. It is now read-only.

Support source security group id ingress access to cluster #14

Merged
merged 1 commit into from
Oct 14, 2017
Merged

Support source security group id ingress access to cluster #14

merged 1 commit into from
Oct 14, 2017

Conversation

sclausson
Copy link
Contributor

No description provided.

@sclausson sclausson force-pushed the support-sg-ids branch 2 times, most recently from 53ca55a to 99988de Compare October 10, 2017 20:58
@sclausson
Copy link
Contributor Author

Plan runs ok locally, so not sure why/where the automated tests are failing.

@sclausson sclausson mentioned this pull request Oct 10, 2017
Closed
brikis98
brikis98 reviewed Oct 11, 2017
View reviewed changes
Copy link
Collaborator

@brikis98 brikis98 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests are failing because we moved this code to this repo fairly recently and haven't had a chance to hook up CircleCI again.

modules/consul-cluster/main.tf Outdated
@@ -95,6 +95,7 @@ resource "aws_security_group" "lc_security_group" {
}

resource "aws_security_group_rule" "allow_ssh_inbound" {
count = "${length(var.allowed_inbound_cidr_blocks) >= 1 ? 1 : 0}"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be allowed_ssh_cidr_blocks?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I've corrected this.

modules/consul-cluster/variables.tf Outdated
@@ -24,6 +24,11 @@ variable "allowed_inbound_cidr_blocks" {
type = "list"
}

variable "allowed_inbound_security_group_ids" {
description = "A list of security group IDs that will be allowed to connect to Consul"
type = "list"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For backwards compatibility, should probably default this to an empty list.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've now set this to default = []

modules/consul-security-group-rules/main.tf
@@ -92,3 +101,101 @@ resource "aws_security_group_rule" "allow_dns_udp_inbound" {
security_group_id = "${var.security_group_id}"
}

resource "aws_security_group_rule" "allow_server_rpc_inbound_from_security_group_ids" {
count = "${length(var.allowed_inbound_security_group_ids)}"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is allowed_inbound_security_group_ids a new input variable for the consul-security-group-rules module? If so, don't you need to add it to its vars.tf and pass it in from the consul-cluster module?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I have made these changes.

@sclausson sclausson force-pushed the support-sg-ids branch 2 times, most recently from 49f2db5 to 19c6547 Compare October 11, 2017 11:37
@sclausson
Copy link
Contributor Author

I think this should be ok now.

brikis98
brikis98 reviewed Oct 12, 2017
View reviewed changes
modules/consul-security-group-rules/variables.tf Outdated
@@ -12,6 +12,11 @@ variable "allowed_inbound_cidr_blocks" {
type = "list"
}

variable "allowed_inbound_security_group_ids" {
description = "A list of security group IDs that will be allowed to connect to Consul"
type = "list"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably default to an empty list for backwards compatibility

@sclausson
Copy link
Contributor Author

@brikis98 I've made one final requested change and added a default value to allowed_inbound_security_group_ids in consul-security-group-rules/variables.tf I think this is ready to merge.

@brikis98
Copy link
Collaborator

Fantastic, thank you!

@brikis98 brikis98 merged commit c2f8d5e into hashicorp:master Oct 14, 2017
@brikis98
Copy link
Collaborator

https://github.com/hashicorp/terraform-aws-consul/releases/tag/v0.0.4

aedades pushed a commit to dreamboxlearning/terraform-aws-consul that referenced this pull request Dec 6, 2022
@josh-padnick
Merge pull request hashicorp#14 from gruntwork-io/terraform_0_9_6
b6d8dda 
Clean up hackery required by Terraform 0.9.5 regression.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@brikis98 brikis98 brikis98 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sclausson @brikis98