Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create md5 from sec group rule description in order to allow multiple… #6

Merged
merged 3 commits into from
Feb 15, 2021
Merged

create md5 from sec group rule description in order to allow multiple… #6

merged 3 commits into from
Feb 15, 2021

Conversation

1david5
Copy link
Contributor

@1david5 1david5 commented Feb 15, 2021
edited
Loading

… rules with the same port and different descriptions.

what

  • This PR generates the md5 hash from the security group rule description when creating the rule map keys.

why

  • This change prevents key map duplication when generating the security group rule map and there are rules with the same port and different descriptions. Example below:

main.tf

module "security_groups" {
  source = "github.com/cloudposse/terraform-aws-security-group"

  name        =  "sg_name"
  vpc_id      = "vpc-0000111122223333"
  rules       = [
        {
          type        = "ingress"
          from_port   = 22
          to_port     = 22
          protocol    = "tcp"
          cidr_blocks = ["10.10.0.0/16"]
          description = "Allow ssh from main office"
        },
        {
          type        = "ingress"
          from_port   = 22
          to_port     = 22
          protocol    = "tcp"
          cidr_blocks = ["192.168.0.0/24"]
          description = "Allow ssh from management VPC"
        },
        {
          type        = "egress"
          from_port   = 0
          to_port     = 65535
          protocol    = "all"
          cidr_blocks = ["0.0.0.0/0"]
          description = "Allow all outbound"
        }
      ]
  description = "sg_descrition"
}

ERROR

Error: Duplicate object key

  on .terraform/modules/security_groups/main.tf line 11, in locals:
   9:   rules = module.this.enabled && var.rules != null ? {
  10:     for rule in flatten(distinct(var.rules)) :
  11:     format("%s-%s-%s-%s-%s-%s-%s-%s-%s-%s",
  12:       rule.type,
  13:       rule.protocol,
  14:       rule.from_port,
  15:       rule.to_port,
  16:       lookup(rule, "cidr_blocks", null) == null ? "no_ipv4" : "ipv4",
  17:       lookup(rule, "ipv6_cidr_blocks", null) == null ? "no_ipv6" : "ipv6",
  18:       lookup(rule, "security_group_id", null) == null ? "no_ssg" : "ssg",
  19:       lookup(rule, "prefix_list_ids", null) == null ? "no_pli" : "pli",
  20:       lookup(rule, "self", null) == null ? "no_self" : "self",
  21:       lookup(rule, "description", null) == null ? "no_desc" : "desc"
  22:     ) => rule
  23:   } : {}
    |----------------
    | rule.from_port is 22
    | rule.protocol is "tcp"
    | rule.to_port is 22
    | rule.type is "ingress"

Two different items produced the key
"ingress-tcp-22-22-ipv4-no_ipv6-no_ssg-no_pli-no_self-desc" in this 'for'
expression. If duplicates are expected, use the ellipsis (...) after the value
expression to enable grouping by key.

references

@1david5
create md5 from sec group rule description in order to allow multiple…
7986a38 
… rules with the same port and different descriptions.
@1david5 1david5 requested review from a team as code owners February 15, 2021 05:16
@1david5 1david5 requested a review from a team as a code owner February 15, 2021 05:17
@SweetOps
Copy link
Contributor

/rebuild-readme

@SweetOps
Copy link
Contributor

/test all

@SweetOps SweetOps added the patch A minor, backward compatible change label Feb 15, 2021
@SweetOps SweetOps merged commit 33d8681 into cloudposse:master Feb 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SweetOps SweetOps SweetOps approved these changes

@jhosteny jhosteny Awaiting requested review from jhosteny

@nitrocode nitrocode Awaiting requested review from nitrocode

Assignees
No one assigned
Labels
patch A minor, backward compatible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@1david5 @SweetOps @cloudpossebot @actions-bot