thelastpickle / tlp-cluster

tlp-cluster, a tool for launching Cassandra clusters in AWS
http://thelastpickle.com/tlp-cluster/

ISSUE-42: Auto create Security Groups #62

Closed ossarga closed 5 years ago

ossarga commented 5 years ago

Closes #42 Closes #36

rustyrazorblade commented 5 years ago

I did it already in this branch, give it a look: https://github.com/thelastpickle/tlp-cluster/compare/jon/42_sg_suggestions?expand=1

On Sun, Mar 24, 2019 at 3:08 PM Anthony Grasso notifications@github.com wrote:

@ossarga commented on this pull request.

In src/main/kotlin/com/thelastpickle/tlpcluster/terraform/Configuration.kt https://github.com/thelastpickle/tlp-cluster/pull/62#discussion_r268455582 :

@@ -92,9 +93,43 @@ class Configuration(val tags: MutableMap<String, String> = mutableMapOf(), setVariable("region", region) setVariable("zones", Variable(listOf("us-west-2a", "us-west-2b", "us-west-2c"), "list"))

  • setResource("cassandra", cassandraAMI, cassandraInstanceType, numCassandraInstances, setTagName(tags, ServerType.Cassandra))
  • setResource("stress", stressAMI, stressInstanceType, numStressInstances, setTagName(tags, ServerType.Stress))
  • setResource("monitoring", monitoringAMI, monitoringInstanceType, if (monitoring) 1 else 0, setTagName(tags, ServerType.Monitoring))
  • val instanceSg = SecurityGroupResource.Builder()
  • .newSecurityGroupResource("${ticket}_TlpClusterSG","tlp-cluster ${ticket} security group", tags)
  • .withRule(0, 65535, "tcp", listOf("0.0.0.0/0"), "All traffic", SecurityGroupRule.Direction.Outbound)
  • .withRule(22, 22, "tcp", listOf("0.0.0.0/0"), "SSH", SecurityGroupRule.Direction.Inbound)
  • .withRule(7000, 7001, "tcp", listOf("172.31.0.0/16"), "Intra node", SecurityGroupRule.Direction.Inbound)
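
Review bot: the inbound SSH rule, `.withRule(22, 22, "tcp", listOf("0.0.0.0/0"), "SSH", SecurityGroupRule.Direction.Inbound)`, opens port 22 on every instance to any source address; take the allowed CIDR from configuration (for example the operator's own address as a /32) rather than defaulting to `0.0.0.0/0`. The intra-node rule for ports 7000-7001 hardcodes `172.31.0.0/16`, which only matches when the instances sit in a VPC with that range and also admits every other host in it; a rule that references the security group itself would limit those ports to members of the group. The outbound rule described as "All traffic" covers TCP only, so either the description or the protocol should change.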

Ok. I'll give it a try and rework the code once I have it working in a handcrafted terraform JSON file. I assume self will allow only the IPs within the VPC? (which is what we would want). If so, I guess we just give a port range and set the self property to true?


ossarga commented 5 years ago

@rustyrazorblade I have pushed up a new change that incorporates all feedback.

rustyrazorblade commented 5 years ago

I think your last commit removing the security group introduced a bug, now it doesn't build.

ossarga commented 5 years ago

Fixed!