Merge pull request #13 from Datatamer/DEV-14447

daniosim · web-flow · commit 4469a13bc152 · 2020-10-28T12:49:17.000-04:00
DEV-14447 Combine sg ids input variables.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Tamr Terraform Template Repo
 
+## v0.4.0 - Oct 27th 2020
+* Consolidates inputs `tamr_vm_sg_id` and `spark_cluster_sg_ids` into one input, `ingress_sg_ids`
+
 ## v0.3.1 - Sep 10th 2020
 * Adds outputs, `rds_username` and `rds_dbname`
 
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ This repo follows the [terraform standard module structure](https://www.terrafor
 Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
 ```
 module "rds_postgres" {
-  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.3.0"
+  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.4.0"
   postgres_name        = "example_rds_postgres"
   parameter_group_name = "example-rds-postgres-pg"
   identifier_prefix    = "example-rds-"
@@ -16,8 +16,7 @@ module "rds_postgres" {
 
   subnet_group_name    = "example_subnet"
   rds_subnet_ids       = ["example-subnet-1", "example-subnet-2"]
-  spark_cluster_sg_ids = ["sg-examplesecuritygroup1", "sg-examplesecuritygroup2"]
-  tamr_vm_sg_id        = "sg-exampletamrsecuritygroup"
+  ingress_sg_ids       = ["sg-sparksecuritygroup1", "sg-sparksecuritygroup2", "sg-tamrvmsecuritygroup"]
   vpc_id               = "vpc-examplevpcnetworkid"
 }
 ```
@@ -50,11 +49,10 @@ This terraform module will create:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| ingress\_sg\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | password | The password for the master DB user. | `string` | n/a | yes |
 | rds\_subnet\_ids | VPC subnet IDs in subnet group | `list(string)` | n/a | yes |
-| spark\_cluster\_sg\_ids | List of Spark service access security group IDs to allow ingress from | `list(string)` | n/a | yes |
 | subnet\_group\_name | The name of the subnet group to add the RDS instance to | `string` | n/a | yes |
-| tamr\_vm\_sg\_id | Tamr VM security group ID to allow ingress from | `string` | n/a | yes |
 | vpc\_id | VPC ID for the rds security group | `string` | n/a | yes |
 | additional\_cidrs | Additional CIDR to connect to RDS Postgres instance | `list(string)` | `[]` | no |
 | additional\_tags | Additional tags to set on the RDS instance | `map` | `{}` | no |
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.3.1
+0.4.0
diff --git a/examples/minimal/local.tfvars b/examples/minimal/local.tfvars
@@ -1,4 +1,3 @@
-vpc_id                      = "vpc-example"
-subnet_ids                  = ["subnet-az1", "subnet-az2"]
-spark_service_access_sg_ids = ["example-spark-service-access-sg"]
-tamr_vm_sg_id               = "example-tamr-vm-sg"
+vpc_id         = "vpc-example"
+subnet_ids     = ["subnet-az1", "subnet-az2"]
+ingress_sg_ids = ["example-spark-service-access-sg", "example-tamr-vm-sg"]
diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf
@@ -1,5 +1,5 @@
 module "rds_postgres" {
-  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.3.0"
+  # source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git?ref=0.4.0"
   source = "../.."
 
   identifier_prefix    = "example-rds-pg-"
@@ -12,7 +12,5 @@ module "rds_postgres" {
   subnet_group_name = "example_subnet_group"
   # Network requirement: DB subnet group needs a subnet in at least two Availability Zones
   rds_subnet_ids = var.subnet_ids
-
-  spark_cluster_sg_ids = var.spark_service_access_sg_ids
-  tamr_vm_sg_id        = var.tamr_vm_sg_id
+  ingress_sg_ids = var.ingress_sg_ids
 }
diff --git a/main.tf b/main.tf
@@ -11,13 +11,12 @@ resource "aws_db_subnet_group" "rds_postgres_subnet_group" {
 }
 
 module "rds_sg" {
-  source               = "./modules/rds-postgres-sg"
-  spark_cluster_sg_ids = var.spark_cluster_sg_ids
-  tamr_vm_sg_id        = var.tamr_vm_sg_id
-  vpc_id               = var.vpc_id
-  security_group_name  = var.security_group_name
-  additional_cidrs     = var.additional_cidrs
-  additional_tags      = var.additional_tags
+  source              = "./modules/rds-postgres-sg"
+  ingress_sg_ids      = var.ingress_sg_ids
+  vpc_id              = var.vpc_id
+  security_group_name = var.security_group_name
+  additional_cidrs    = var.additional_cidrs
+  additional_tags     = var.additional_tags
 }
 
 resource "aws_db_instance" "rds_postgres" {
diff --git a/modules/rds-postgres-sg/README.md b/modules/rds-postgres-sg/README.md
@@ -4,9 +4,8 @@ This terraform module creates the security group and the security group rules fo
 # Example
 ```
 module "rds_sg" {
-  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git//modules/rds-postgres-sg?ref=0.3.0"
-  spark_cluster_sg_ids = ["sg-examplesparksecuritygroup1", "sg-examplesparksecuritygroup2"]
-  tamr_vm_sg_id        = "sg-exampletamrvmsecuritygroup"
+  source               = "git::https://github.com/Datatamer/terraform-aws-rds-postgres.git//modules/rds-postgres-sg?ref=0.4.0"
+  ingress_sg_ids       = ["sg-examplesparksecuritygroup1", "sg-examplesparksecuritygroup2", "sg-exampletamrvmsecuritygroup"]
   vpc_id               = "vpc-examplevpcid"
   security_group_name  = "examplerdssecuritygroup"
   additional_cidrs     = ["1.2.3.4/32"]
@@ -36,8 +35,7 @@ This terraform module will create:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| spark\_cluster\_sg\_ids | List of Security groups attached to the ec2 instances of EMR Spark | `list(string)` | n/a | yes |
-| tamr\_vm\_sg\_id | Security group id attached to the tamr vm | `string` | n/a | yes |
+| ingress\_sg\_ids | List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID) | `list(string)` | n/a | yes |
 | vpc\_id | VPC ID for the rds security group | `string` | n/a | yes |
 | additional\_cidrs | Additional CIDR to connect to RDS Postgres instance | `list(string)` | `[]` | no |
 | additional\_tags | Additional tags to set on the RDS instance | `map` | `{}` | no |
diff --git a/modules/rds-postgres-sg/main.tf b/modules/rds-postgres-sg/main.tf
@@ -5,25 +5,15 @@ resource "aws_security_group" "rds_postgres_sg" {
   tags        = var.additional_tags
 }
 
-resource "aws_security_group_rule" "tamr_vm" {
-  description              = "Rule for ingress from Tamr VM to Postgres"
+resource "aws_security_group_rule" "pg_ingress" {
+  description              = "Ingress rule to Postgres DB instance."
+  count                    = length(var.ingress_sg_ids)
   from_port                = 5432
   protocol                 = "tcp"
   security_group_id        = aws_security_group.rds_postgres_sg.id
   to_port                  = 5432
   type                     = "ingress"
-  source_security_group_id = var.tamr_vm_sg_id
-}
-
-resource "aws_security_group_rule" "spark_cluster" {
-  description              = "Rule for ingress from Spark cluster to Postgres"
-  count                    = length(var.spark_cluster_sg_ids)
-  from_port                = 5432
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.rds_postgres_sg.id
-  to_port                  = 5432
-  type                     = "ingress"
-  source_security_group_id = var.spark_cluster_sg_ids[count.index]
+  source_security_group_id = var.ingress_sg_ids[count.index]
 }
 
 resource "aws_security_group_rule" "additional_cidrs" {
diff --git a/modules/rds-postgres-sg/variables.tf b/modules/rds-postgres-sg/variables.tf
@@ -4,13 +4,8 @@ variable "security_group_name" {
   default     = "tamr_rds_sg"
 }
 
-variable "tamr_vm_sg_id" {
-  description = "Security group id attached to the tamr vm"
-  type        = string
-}
-
-variable "spark_cluster_sg_ids" {
-  description = "List of Security groups attached to the ec2 instances of EMR Spark"
+variable "ingress_sg_ids" {
+  description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"
   type        = list(string)
 }
 
diff --git a/variables.tf b/variables.tf
@@ -109,13 +109,8 @@ variable "security_group_name" {
   default     = "tamr_rds_sg"
 }
 
-variable "tamr_vm_sg_id" {
-  description = "Tamr VM security group ID to allow ingress from"
-  type        = string
-}
-
-variable "spark_cluster_sg_ids" {
-  description = "List of Spark service access security group IDs to allow ingress from"
+variable "ingress_sg_ids" {
+  description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"
   type        = list(string)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,8 @@ variable "security_group_name" {`
`4`	`4`	`default = "tamr_rds_sg"`
`5`	`5`	`}`
`6`	`6`
`7`		`-variable "tamr_vm_sg_id" {`
`8`		`- description = "Security group id attached to the tamr vm"`
`9`		`- type = string`
`10`		`-}`
`11`		`-`
`12`		`-variable "spark_cluster_sg_ids" {`
`13`		`- description = "List of Security groups attached to the ec2 instances of EMR Spark"`
	`7`	`+variable "ingress_sg_ids" {`
	`8`	`+ description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"`
`14`	`9`	`type = list(string)`
`15`	`10`	`}`
`16`	`11`
Original file line number	Diff line number	Diff line change
`@@ -109,13 +109,8 @@ variable "security_group_name" {`
`109`	`109`	`default = "tamr_rds_sg"`
`110`	`110`	`}`
`111`	`111`
`112`		`-variable "tamr_vm_sg_id" {`
`113`		`- description = "Tamr VM security group ID to allow ingress from"`
`114`		`- type = string`
`115`		`-}`
`116`		`-`
`117`		`-variable "spark_cluster_sg_ids" {`
`118`		`- description = "List of Spark service access security group IDs to allow ingress from"`
	`112`	`+variable "ingress_sg_ids" {`
	`113`	`+ description = "List of security group IDs to allow ingress from (i.e. Spark cluster SG IDs, Tamr VM SG ID)"`
`119`	`114`	`type = list(string)`
`120`	`115`	`}`
`121`	`116`