Testing SSH access depending on the CIDR block configuration. Nevertheless, due to a bug in the terraform CLI (hashicorp/terraform#17032), test execution is not possible until the bug is solved.
Thanks for the PR! Please see my comment about examples vs prod code.
I think the part of the PR that's useful are the changes to the modules folder to make the outbound CIDR blocks configurable, and to not create inbound SSH SG rules if that list is empty. Everything else seems to affect examples only and is intentionally left open.
Co-authored-by: Yevgeniy Brikman <brikis98@users.noreply.github.com>
Reverting the changes made to allow the configuration of the CIDR blocks for SSH and outbound traffic for the examples. Additionally, since the examples now lack the flexibility, the SSH test now only checks if access is possible.
OK, one more NIT, and I can kick off tests!
test/nomad_helpers.go
Outdated
aws.DeleteAmi(t, awsRegion, amiId) | ||
}) | ||
|
||
test_structure.RunTestStage(t, "setup_ami", func() { |
Could you run go fmt on this code? The indentation looks off.
Ah, I see - thanks for pointing this out. It should be fixed now.
Waiting for PR to be merged: hashicorp/terraform-aws-nomad#85
* 📌 version updates for all major components | #85
  Covering the following dependencies:
  - nomad: 1.0.2
  - consul: 1.9.1
  - fabio
  - terraform modules
  - terraform-aws-consul module version 0.8.2
  - packer definition
  - terraform: 0.14.4
* ♻️ Migrate from SSH to SSM and restructuring | #83
  - Remove SSH dependency
  - Using AWS System Manager Session Manager instead of SSH access.
* ✨ AMI testing during creation
  - Checking the AMI during the packer build step using goss.
* ✨ restart nomad service on instance, solves #62
* 👷 added linting
* 🐛 fixing aws provider version due to autoscaling issue
  An unsolved regression in the terraform-provider-aws (hashicorp/terraform-provider-aws#14085) prevents the creation of autoscaling groups using terraform.
* 💩 using fork to unblock waiting for PR | #85
  Waiting for PR to be merged: hashicorp/terraform-aws-nomad#85

Co-authored-by: Matthias Scholz <matthias.scholz@gmail.com>
Co-authored-by: Matthias Scholz <matthias.scholz@thoughtworks.com>
Thanks! I'll kick off tests now.
Looks like you still need a
Running tests once more!
Looks like you're missing some imports in the test code:
Did you ever run or at least compile this code?
Add support for terraform >= 0.14.3 using a wrapper function to bypass terratest limitation:
- gruntwork-io/terratest#766

Adding missing SSH key pair to make SSH test work.
Running tests again!
Since I ran into the issue with an incompatible terraform / terratest combination, should I update the referenced terratest version as well and remove the workaround - or should the terratest update better be handled with a separate PR?
Separate PR would be better. Thank you!
I saw the last test run failed due to "No cluster leader" error reported and the cluster not being able to elect a leader even after some retries. It does not seem to be related to the PR itself. What do you think? Trying to reproduce the issue running the test again using my AWS account was not successful. It might be a timing issue. Is there anything I could check further?
It's hard to tell! There is an intermittent test failure hiding in this repo, as most nightly tests pass, but occasionally, we get a failure. I'm going to re-run the tests to see what happens.
Yup, looks like an intermittent issue. OK, on another re-run, tests passed, so it can't be anything related to this PR, as a bug in this PR would probably result in failures consistently. Thanks for the PR/patience. Merging now!
Solves #84.
Refactoring the terraform configuration to configure:
Additionally a test is provided testing SSH access for access and deny.
Unfortunately, due to a bug in the terraform CLI, test execution with positive and negative access testing was not possible using the MacOSX operating system, and hence only a positive test using the existing example is provided.