feat: Implement ingress and egress with prefix lists #258

Contributor

@andyshinn andyshinn commented Sep 20, 2022

Description

This is a reopening of pull request #226 which didn't get any movement. I am opening after forking and rebasing to see if we can get some movement on it as I would like the feature.

This feature aims to allow the module to provision SG rules by explicitly specifying the ingress or egress rules with prefix lists. It also allows unsetting a new variable enable_prefix_lists_cross_over, which drives whether there should be cross over flow openings between the inputs (self, cidr blocks, or security groups) and the prefix lists.

Motivation and Context

I am creating security groups with prefix lists as ingress and egress targets.

Breaking Changes

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

I am still going through the testing parts (trouble getting pre-commit to run). But I am applying this to projects using my fork.

@andyshinn andyshinn force-pushed the ashinn/support-prefix-list-custom-reules-from-schniber branch from 4749952 to bca1ce6 Compare September 20, 2022 19:50
@github-actions
This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions bot added the stale label Oct 21, 2022
@andyshinn andyshinn force-pushed the ashinn/support-prefix-list-custom-reules-from-schniber branch 2 times, most recently from 63c3cdb to 1dc33e2 Compare October 21, 2022 16:27
@andyshinn
Contributor Author

Thanks, bot. It is still a desired PR.

@andyshinn andyshinn changed the title Implement ingress and egress with prefix lists feat: Implement ingress and egress with prefix lists Oct 21, 2022
@github-actions github-actions bot removed the stale label Oct 22, 2022
@andyshinn andyshinn force-pushed the ashinn/support-prefix-list-custom-reules-from-schniber branch from 1dc33e2 to 7cc8ea3 Compare November 9, 2022 20:18
@github-actions github-actions bot added the stale label Dec 10, 2022
@andyshinn
Contributor Author

Thanks, bot. It is still a desired PR.

@github-actions github-actions bot removed the stale label Dec 11, 2022
@github-actions github-actions bot added the stale label Jan 11, 2023
@andyshinn
Contributor Author

Thanks, bot. It is still a desired PR.

@andyshinn andyshinn force-pushed the ashinn/support-prefix-list-custom-reules-from-schniber branch from bcac86f to 3c0981f Compare January 11, 2023 05:09
@github-actions github-actions bot removed the stale label Jan 12, 2023
@github-actions github-actions bot added the stale label Feb 12, 2023
@andyshinn
Contributor Author

Thanks, bot. It is still a desired PR.

@andyshinn andyshinn force-pushed the ashinn/support-prefix-list-custom-reules-from-schniber branch 2 times, most recently from 8c27973 to ac51765 Compare February 13, 2023 17:00
@github-actions github-actions bot removed the stale label Feb 14, 2023
@loicvolle loicvolle left a comment

LGTM

@keenobi

keenobi commented Mar 16, 2023

Hello!
Thanks for the PR, this is exactly what we are looking for! 👍

@antonbabenko is it something that may block the merge?

Best regards

@github-actions github-actions bot added the stale label Apr 16, 2023
@andyshinn
Contributor Author

Thanks, bot. It is still a desired PR.

@github-actions github-actions bot removed the stale label Apr 18, 2023
@dokuur

dokuur commented May 15, 2023

@andyshinn, can you fix all conflicts? Maybe after that your PR will be accepted

@andyshinn andyshinn force-pushed the ashinn/support-prefix-list-custom-reules-from-schniber branch from ac51765 to ff9164f Compare May 18, 2023 15:51
@andyshinn
Contributor Author

Rebased to fix conflicts.

Member

@antonbabenko antonbabenko left a comment

Looks rather good, but there are still a few things to do.

PS: Apologies that it took ages to review this PR.

examples/complete/main.tf (resolved)
security_group_id = local.this_sg_id
type = "ingress"

prefix_list_ids = var.ingress_prefix_list_ids
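
Review bot: on the line prefix_list_ids = var.ingress_prefix_list_ids, the value comes from a module-wide input rather than from the rule being created, so every rule from this resource is opened to the same set of prefix lists. Say so in the variable descriptions in variables.tf, stating which input holds rule definitions and which holds prefix list IDs, since the two names differ only by "_with_" and are easy to mix up. If it is not already handled outside these lines, also make sure no rule is created when that list is empty.
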
Member

Suggested change
prefix_list_ids = var.ingress_prefix_list_ids
prefix_list_ids = var.ingress_with_prefix_list_ids

Or something along those lines, right?

Please verify in other resources, too.

Contributor Author

I'm a little confused here. The ingress_with_prefix_list_ids is the list of custom rules to apply, not the list of prefix IDs. I was just following the template of the other ones which create a resource per rule (ingress_with_prefix_list_ids) and then set the argument to the resource ID to apply to (ingress_prefix_list_ids). Let me know if I have confused something and if you could clarify.

Member

You're right. I misunderstood the code.
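
The split between the two inputs discussed in this thread, shown as an added Terraform example (not code from the PR or from the module's examples): the *_with_prefix_list_ids inputs carry the rule definitions, and the *_prefix_list_ids inputs carry the prefix list IDs those rules are opened to. Assumptions: the rule-map keys follow the module's other ingress_with_* inputs, the egress variable names mirror the ingress ones named above, and all IDs and names are constructed placeholders.

```hcl
# Added example. Placeholders are marked "constructed".

# AWS-managed prefix list for the S3 gateway endpoint (region is constructed).
data "aws_prefix_list" "s3" {
  name = "com.amazonaws.us-east-1.s3"
}

module "app_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = ">= 5.1.0" # release that includes this PR

  name   = "app-prefix-list-example" # constructed
  vpc_id = "vpc-EXAMPLE"             # constructed placeholder

  # Prefix list IDs: what the rule resources pass as prefix_list_ids.
  ingress_prefix_list_ids = ["pl-EXAMPLE"] # constructed placeholder
  egress_prefix_list_ids  = [data.aws_prefix_list.s3.id]

  # Rule definitions: one security group rule per element, each opened
  # to the prefix lists above instead of a broad CIDR block.
  # Keys are assumed to match the module's other ingress_with_* inputs.
  ingress_with_prefix_list_ids = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "HTTPS from the managed prefix list"
    },
  ]

  # Assumed egress counterpart of the ingress input above.
  egress_with_prefix_list_ids = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "HTTPS to S3 via its prefix list"
    },
  ]
}
```

Because the prefix list IDs are set once per direction, a rule that needs a different source belongs in a separate module call or a separate rule resource.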

variables.tf (resolved)
@w0rldart

w0rldart commented Jun 1, 2023

What is missing for this PR to be merged?

@andyshinn
Contributor Author

I will fix the feedback items soon. I have been busy the last few weeks.

Member

@antonbabenko antonbabenko left a comment

LGTM

security_group_id = local.this_sg_id
type = "ingress"

prefix_list_ids = var.ingress_prefix_list_ids
Member

You're right. I misunderstood the code.

@antonbabenko antonbabenko merged commit 2e1cbcb into terraform-aws-modules:master Jun 6, 2023
69 checks passed
@antonbabenko
Member

Thank you @andyshinn !

antonbabenko pushed a commit that referenced this pull request Jun 6, 2023
## [5.1.0](v5.0.0...v5.1.0) (2023-06-06)

### Features

* Implement ingress and egress with prefix lists ([#258](#258)) ([2e1cbcb](2e1cbcb))
@antonbabenko
Member

This PR is included in version 5.1.0 🎉

@github-actions

github-actions bot commented Jul 6, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 6, 2023