Making CIDR Blocks Configurable

[MatthiasScholz]

Solves #84.

Refactoring the terraform configuration to configure:

• SSH access using CIDR blocks
• Traffic access using CIDR blocks

Additionally a test is provided testing SSH access for access and deny.
Unfortunately, due to a bug in the terraform CLI test execution, with positive and negative access testing, was not possible using MacOSX operating system and hence only a positive test using the existing example is provided.

[hashicorp-cla]

All committers have signed the CLA.

[brikis98]

Thanks for the PR! Please see my comment about examples vs prod code.

I think the part of the PR that's useful are the changes to the modules folder to make the outbound CIDR blocks configurable, and to not create inbound SSH SG rules if that list is empty. Everything else seems to affect examples only and is intentionally left open.

[brikis98]

OK, one more NIT, and I can kick off tests!

[brikis98]

Could you run go fmt on this code? The indentation looks off.

[MatthiasScholz]

Ah, I see - thanks for pointing this out. It should be fixed now.

[brikis98]

Thanks! I'll kick off tests now.

[brikis98]

Looks like you still need a go fmt:

[INFO] Initializing environment for https://github.com/gruntwork-io/pre-commit.
Terraform fmt............................................................Passed
gofmt....................................................................Failed
- hook id: gofmt
- files were modified by this hook

test/nomad_helpers.go
test/nomad_helpers.go

[brikis98]

Running tests once more!

[brikis98]

Looks like you're missing some imports in the test code:

go: downloading github.com/russross/blackfriday/v2 v2.0.1
go: downloading github.com/shurcooL/sanitized_anchor_name v1.0.0
# github.com/gruntwork-io/terraform-aws-nomad/test [github.com/gruntwork-io/terraform-aws-nomad/test.test]
./nomad_helpers.go:57:17: undefined: test_structure
./nomad_helpers.go:59:8: undefined: test_structure
./nomad_helpers.go:60:23: undefined: test_structure
./nomad_helpers.go:63:12: undefined: test_structure
./nomad_helpers.go:64:16: undefined: test_structure
./nomad_helpers.go:68:2: undefined: test_structure
./nomad_helpers.go:70:3: undefined: test_structure
./nomad_helpers.go:73:3: undefined: test_structure
./nomad_helpers.go:76:3: undefined: test_structure
./nomad_helpers.go:79:2: undefined: test_structure
./nomad_helpers.go:79:2: too many errors
FAIL	github.com/gruntwork-io/terraform-aws-nomad/test [build failed]

Did you ever run or at least compile this code?

[brikis98]

Running tests again!

[MatthiasScholz]

Since I ran into the issue with an incompatible terraform / terratest combination, should I update the referenced terratest version as well and remove the workaround - or should the terratest update better be handled with a separate PR?

[brikis98]

Since I ran into the issue with an incompatible terraform / terratest combination, should I update the referenced terratest version as well and remove the workaround - or should the terratest update better be handled with a separate PR?

Separate PR would be better. Thank you!

[MatthiasScholz]

I saw the last test run failed due to "No cluster leader" error reported and the cluster not being able to elect a leader even after some retries. It does not seem to be related to the PR itself. What do you think?

Trying to reproduce the issue running the test again using my AWS account was not successful. It might be a timing issue.

Is there anything I could check further?

[brikis98]

It's hard to tell! There is an intermittent test failure hiding in this repo, as most nightly tests pass, but occasionally, we get a failure. I'm going to re-run the tests to see what happens.

[brikis98]

Yup, looks like an intermittent issue. OK, on another re-ran, tests passed, so it can't be anything related to this PR, as a bug in this PR would probably result in failures consistently. Thanks for the PR/patience. Merging now!

[brikis98]

https://github.com/hashicorp/terraform-aws-nomad/releases/tag/v0.7.2