Skip to content
This repository was archived by the owner on Sep 9, 2022. It is now read-only.

Add security group individual rule descriptions#475

Open
liamrahav wants to merge 1 commit intodtan4:masterfrom
liamrahav:pr/sg-rule-descriptions
Open

Add security group individual rule descriptions#475
liamrahav wants to merge 1 commit intodtan4:masterfrom
liamrahav:pr/sg-rule-descriptions

Conversation

@liamrahav
Copy link
Copy Markdown

@liamrahav liamrahav commented Jun 26, 2019

This addresses the concern from #437. This PR adds a description into each rule block in an SG.

ingress/egress {
  from_port       = ...
  to_port         = ...
  protocol        = ...
  cidr_blocks     = ...
}

is now

ingress/egress {
  description     = "<description>"
  from_port       = ...
  to_port         = ...
  protocol        = ...
  cidr_blocks     = ...
}

There is a limitation to this approach though. When creating a rule with multiple cidr blocks or security groups, 2 separate rules are created in the AWS console, but get processed by the API/terraforming as 1 rule with 2 cidr blocks / security groups.

If you were to (1) create a rule like described above, and (2) manually edit the description of one of those rules in the AWS console, the current way terraforming is structured (using in-line rules) would not be able to preserve the changed description.

As discussed in #262, using these in-line rules allows for mixing what are really multiple rules into one rule block. When using the separate aws_security_group_rule resource, only one of cidr_blocks, ipv6_cidr_blocks, security_groups and self are allowed, which allows you to ensure that the separate descriptions for each are preserved.

This isn't a major issue as I don't think what I described impacts most use cases of terraforming, but be aware that it exists and that the ideal solution is to migrate to creating aws_security_group_rule resources alongside the main aws_security_group resource.

@liamrahav
Copy link
Copy Markdown
Author

liamrahav commented Jun 26, 2019

Tagging @nitrocode who wrote up the issue.

@coveralls
Copy link
Copy Markdown

coveralls commented Jun 26, 2019

Coverage Status

Coverage remained the same at 100.0% when pulling 85306f6 on liamrahav:pr/sg-rule-descriptions into 67cb929 on dtan4:master.

@nitrocode
Copy link
Copy Markdown

nitrocode commented Jan 21, 2020

@dtan4 @waqark3389 @liamrahav

Nice job! LGTM!

@waqarkhan3389
Copy link
Copy Markdown

waqarkhan3389 commented Jan 25, 2020

ALL CHEER
MERGE MERGE MERGE MERGE MERGE

@skwp
Copy link
Copy Markdown

skwp commented Oct 7, 2021

Please merge 🙏

@adzuci
Copy link
Copy Markdown

adzuci commented Oct 13, 2021

@liamrahav & @dtan4, this change would save us a lot of time with a large import we're currently doing, do you know if there are any blockers to merging it or when we could expect it to land? cc @arbabkhalil

@liamrahav
Copy link
Copy Markdown
Author

liamrahav commented Oct 14, 2021

@adzuci I don't have the ability to merge anything, sorry! Haven't looked at this in a while, but I suppose you can merge my branch locally for now if needed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@waqarkhan3389 waqarkhan3389 waqarkhan3389 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@liamrahav @coveralls @nitrocode @waqarkhan3389 @skwp @adzuci