
Add security group individual rule descriptions #475

30 changes: 30 additions & 0 deletions lib/terraforming/resource/security_group.rb
Expand Up @@ -96,6 +96,7 @@ def permission_attributes_of(security_group, permission, type)
"#{type}.#{hashcode}.prefix_list_ids.#" => permission.prefix_list_ids.length.to_s,
"#{type}.#{hashcode}.security_groups.#" => security_groups.length.to_s,
"#{type}.#{hashcode}.self" => self_referenced_permission?(security_group, permission).to_s,
"#{type}.#{hashcode}.description" => description_of(permission).to_s,
}

permission.ip_ranges.each_with_index do |range, index|
Expand Down Expand Up @@ -190,6 +191,35 @@ def tags_attributes_of(security_group)
tags.each { |tag| attributes["tags.#{tag.key}"] = tag.value }
attributes
end

def description_of(permission)
# order doesn't matter as rules created together have same description
permission.ip_ranges.each do |rule|
unless rule.description.to_s.empty?
return rule.description
end
end

permission.ipv_6_ranges.each do |rule|
unless rule.description.to_s.empty?
return rule.description
end
end

permission.prefix_list_ids.each do |rule|
unless rule.description.to_s.empty?
return rule.description
end
end

permission.user_id_group_pairs.each do |rule|
unless rule.description.to_s.empty?
return rule.description
end
end

""
end
end
end
end
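Review bot: `description_of` in the second hunk returns the first non-empty description it meets across the four rule collections and silently drops any others, while its opening comment asserts that rules in a permission always share one description; once `dedup_permissions` has merged ranges into a single permission that is an assumption rather than a guarantee of the API. I would have the comment state the consequence instead, e.g. `# Terraform has one description per rule block; the first non-empty per-range description wins and any differing ones are dropped.`, and collapse the four identical loops into one `find` over the concatenated collections as below, which keeps the `""` fallback and the `to_s` guard for a nil `rule.description`. The tfstate hashcodes in the spec (for example `31326685`) are unchanged by the new `description` attribute in the first hunk, which suggests `hashcode` does not cover the description; that is worth confirming against the provider's rule hashing so the exported state keeps matching a plan.
```ruby
      def description_of(permission)
        # Terraform has one description per rule block; the first non-empty
        # per-range description wins and any differing ones are dropped.
        rules = permission.ip_ranges + permission.ipv_6_ranges +
                permission.prefix_list_ids + permission.user_id_group_pairs
        rules.map { |rule| rule.description.to_s }.find { |desc| !desc.empty? } || ""
      end
```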
2 changes: 2 additions & 0 deletions lib/terraforming/template/tf/security_group.erb
Expand Up @@ -7,6 +7,7 @@ resource "aws_security_group" "<%= module_name_of(security_group) %>" {
<% dedup_permissions(security_group.ip_permissions, security_group.group_id).each do |permission| -%>
<%- security_groups = security_groups_in(permission, security_group).reject { |group_name| group_name == security_group.group_name }.reject { |group_id| group_id == security_group.group_id } -%>
ingress {
description = "<%= description_of(permission).to_s %>"
from_port = <%= permission.from_port || 0 %>
to_port = <%= permission.to_port || 0 %>
protocol = "<%= permission.ip_protocol %>"
Expand All @@ -30,6 +31,7 @@ resource "aws_security_group" "<%= module_name_of(security_group) %>" {

<% dedup_permissions(security_group.ip_permissions_egress, security_group.group_id).each do |permission| -%>
egress {
description = "<%= description_of(permission).to_s %>"
from_port = <%= permission.from_port || 0 %>
to_port = <%= permission.to_port || 0 %>
protocol = "<%= permission.ip_protocol %>"
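Review bot: The added `description = "<%= description_of(permission).to_s %>"` line in both the `ingress` and the `egress` block writes the description returned by the AWS API verbatim inside an HCL double-quoted string, so a value containing `${…}` would be read by Terraform as an interpolation and a `"` or `\` would end or corrupt the string. As far as I recall the API's permitted character set for rule descriptions includes `$`, `{` and `}`, so this is reachable with ordinary API data rather than a corner case; unlike the neighbouring `protocol` and CIDR values it is free text under the account owner's control. I would route it through a small escaping helper on the resource class, e.g. `description = "<%= hcl_string(description_of(permission)) %>"`, where the helper doubles `\`, escapes `"` and rewrites `${` to `$${`; the trailing `.to_s` is redundant in any case because `description_of` already falls back to `""`. Both hunks show only the head of their `ingress`/`egress` blocks, which continue outside the diff.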
32 changes: 29 additions & 3 deletions spec/lib/terraforming/resource/security_group_spec.rb
Expand Up @@ -21,7 +21,10 @@ module Resource
to_port: 22,
user_id_group_pairs: [],
ip_ranges: [
{ cidr_ip: "0.0.0.0/0" }
{
cidr_ip: "0.0.0.0/0",
description: "ip_range description test",
}
],
ipv_6_ranges: [
{ cidr_ipv_6: "::/0" }
Expand All @@ -33,6 +36,7 @@ module Resource
to_port: 22,
user_id_group_pairs: [
{
description: "user_id_group_pair description test",
user_id: "987654321012",
group_id: "sg-9876uxyz",
group_name: "piyo"
Expand Down Expand Up @@ -86,7 +90,10 @@ module Resource
{ cidr_ip: "0.0.0.0/0" }
],
ipv_6_ranges: [
{ cidr_ipv_6: "::/0" }
{
cidr_ipv_6: "::/0",
description: "ipv_6_range description test"
}
]
},
{
Expand Down Expand Up @@ -185,7 +192,10 @@ module Resource
{ cidr_ipv_6: "::/0" }
],
prefix_list_ids: [
{ prefix_list_id: "pl-xxxxxx" }
{
prefix_list_id: "pl-xxxxxx",
description: "prefix_list_id description test",
}
],
},
],
Expand All @@ -209,6 +219,7 @@ module Resource
vpc_id = ""

ingress {
description = "ip_range description test"
from_port = 22
to_port = 22
protocol = "tcp"
Expand All @@ -217,6 +228,7 @@ module Resource
}

ingress {
description = "user_id_group_pair description test"
from_port = 22
to_port = 22
protocol = "tcp"
Expand All @@ -233,6 +245,7 @@ module Resource
vpc_id = "vpc-1234abcd"

ingress {
description = ""
from_port = 0
to_port = 65535
protocol = "tcp"
Expand All @@ -241,6 +254,7 @@ module Resource
}

ingress {
description = "ipv_6_range description test"
from_port = 22
to_port = 22
protocol = "tcp"
Expand All @@ -251,6 +265,7 @@ module Resource
}

ingress {
description = ""
from_port = 7777
to_port = 7777
protocol = "tcp"
Expand All @@ -260,6 +275,7 @@ module Resource


egress {
description = ""
from_port = 22
to_port = 22
protocol = "tcp"
Expand All @@ -280,6 +296,7 @@ module Resource
vpc_id = "vpc-1234abcd"

ingress {
description = ""
from_port = 22
to_port = 22
protocol = "tcp"
Expand All @@ -291,6 +308,7 @@ module Resource


egress {
description = "prefix_list_id description test"
from_port = 1
to_port = 65535
protocol = "-1"
Expand Down Expand Up @@ -326,6 +344,7 @@ module Resource
"ingress.#" => "2",
"ingress.31326685.cidr_blocks.#" => "1",
"ingress.31326685.cidr_blocks.0" => "0.0.0.0/0",
"ingress.31326685.description" => "ip_range description test",
"ingress.31326685.from_port" => "22",
"ingress.31326685.ipv6_cidr_blocks.#" => "1",
"ingress.31326685.ipv6_cidr_blocks.0" => "::/0",
Expand All @@ -335,6 +354,7 @@ module Resource
"ingress.31326685.self" => "false",
"ingress.31326685.to_port" => "22",
"ingress.3232230010.cidr_blocks.#" => "0",
"ingress.3232230010.description" => "user_id_group_pair description test",
"ingress.3232230010.from_port" => "22",
"ingress.3232230010.ipv6_cidr_blocks.#" => "0",
"ingress.3232230010.prefix_list_ids.#" => "0",
Expand All @@ -361,6 +381,7 @@ module Resource
"egress.#" => "1",
"egress.2007587753.cidr_blocks.#" => "1",
"egress.2007587753.cidr_blocks.0" => "0.0.0.0/0",
"egress.2007587753.description" => "",
"egress.2007587753.from_port" => "22",
"egress.2007587753.ipv6_cidr_blocks.#" => "1",
"egress.2007587753.ipv6_cidr_blocks.0" => "::/0",
Expand All @@ -372,6 +393,7 @@ module Resource
"egress.2007587753.to_port" => "22",
"ingress.#" => "3",
"ingress.1728187046.cidr_blocks.#" => "0",
"ingress.1728187046.description" => "",
"ingress.1728187046.from_port" => "7777",
"ingress.1728187046.ipv6_cidr_blocks.#" => "0",
"ingress.1728187046.prefix_list_ids.#" => "0",
Expand All @@ -381,6 +403,7 @@ module Resource
"ingress.1728187046.self" => "true",
"ingress.1728187046.to_port" => "7777",
"ingress.1849628954.cidr_blocks.#" => "0",
"ingress.1849628954.description" => "",
"ingress.1849628954.from_port" => "0",
"ingress.1849628954.ipv6_cidr_blocks.#" => "0",
"ingress.1849628954.prefix_list_ids.#" => "0",
Expand All @@ -390,6 +413,7 @@ module Resource
"ingress.1849628954.to_port" => "65535",
"ingress.2890765491.cidr_blocks.#" => "1",
"ingress.2890765491.cidr_blocks.0" => "0.0.0.0/0",
"ingress.2890765491.description" => "ipv_6_range description test",
"ingress.2890765491.from_port" => "22",
"ingress.2890765491.ipv6_cidr_blocks.#" => "1",
"ingress.2890765491.ipv6_cidr_blocks.0" => "::/0",
Expand Down Expand Up @@ -417,6 +441,7 @@ module Resource
"egress.#" => "1",
"egress.3936132414.cidr_blocks.#" => "1",
"egress.3936132414.cidr_blocks.0" => "0.0.0.0/0",
"egress.3936132414.description" => "prefix_list_id description test",
"egress.3936132414.from_port" => "1",
"egress.3936132414.ipv6_cidr_blocks.#" => "1",
"egress.3936132414.ipv6_cidr_blocks.0" => "::/0",
Expand All @@ -429,6 +454,7 @@ module Resource
"ingress.#" => "1",
"ingress.3239858.cidr_blocks.#" => "1",
"ingress.3239858.cidr_blocks.0" => "0.0.0.0/0",
"ingress.3239858.description" => "",
"ingress.3239858.from_port" => "22",
"ingress.3239858.ipv6_cidr_blocks.#" => "1",
"ingress.3239858.ipv6_cidr_blocks.0" => "::/0",
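Review bot: Every new fixture gives a description to exactly one range of its permission, so the spec never exercises a permission whose ranges carry different descriptions, nor a description with characters that matter inside HCL such as `${` or `"` — precisely the inputs where `description_of`'s first-non-empty choice and the template's unescaped interpolation would become visible. I would add a second `ip_ranges` entry next to `{ cidr_ip: "0.0.0.0/0", description: "ip_range description test" }` carrying a different description and assert which value the generated `ingress` block and the `ingress.<hashcode>.description` tfstate key end up with. The expected hashcodes such as `31326685` are unchanged by the new attribute, which the spec now pins implicitly; if that is intended, a one-line comment in the tfstate expectations saying the hash excludes `description` would make the intent explicit.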