This repository has been archived by the owner on Jun 5, 2020. It is now read-only.

Add "IT" SG template #18

Merged
merged 3 commits into from Jan 23, 2015


djmitche
Contributor

The IT template really only has to create the security group -- the instance itself isn't cloudy enough to be managed by CloudFormation.

One important bit of security group creation is referencing the VPC to which the SG belongs. So I built out a bit of support for inter-stack references. From what I can tell, the best practice for this is to feed such external resource IDs to CloudFormation manually via template parameters. This is almost the same thing -- I've replaced "manually" with a handy-dandy lookup function, and replaced parameters with the much simpler pyplates feature, "options", which just substitutes the value directly into the template.

@davecurado, what do you think? The missing piece here is that the SG is configured with a list of raw IPs, much of which will need to be repeated for lots of other security groups, so we should find a way to not be so repetitive about it.

@coveralls

Coverage decreased (-0.7%) to 37.53% when pulling eda690c on djmitche:add-nagios-sg-template into a3d372b on mozilla:master.

@djmitche
Contributor Author

Oh, right, I wrote tests :(

@djmitche
Contributor Author

rebased with test refactors, too -- it passes tox now.

@coveralls

Coverage decreased (-0.16%) to 38.07% when pulling 25fed47 on djmitche:add-nagios-sg-template into a3d372b on mozilla:master.

@rail
Contributor

rail commented Jan 22, 2015

Ship it!

@djmitche
Contributor Author

Thanks! I kinda want to hear from @davecurado first though :)

@rail
Contributor

rail commented Jan 22, 2015

No pressure :)

@davecurado

I see what you mean about the IPs... since you have working code I think you should run with that. I don't know the whole picture/story here, but (stating the obvious) it would be good if the list of IPs could be aggregated into a subnet and/or the IPs managed by some external system. Not sure how often that list of IPs will change. If that will be infrequent, I think you can make the argument for leaving it just as it is. HTHs.

@djmitche
Contributor Author

I think the list will be fairly static, but we'll have a very similar list for a half-dozen other security groups, too. So I can land this as-is, but once we introduce those additional security groups, we should have some way to avoid writing the same list multiple times. Is that something you could work on, with this patch in place?
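Added example, not part of the original thread or the project's code: one way to keep the allowed-source list in a single place, aggregate it into CIDR blocks as suggested above, and expand it into ingress rules for several security groups. The group names, ports, the `vpc-EXAMPLE` ID and the /24 breadth limit are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress

# Constructed sample list (RFC 5737 documentation addresses), written once.
TRUSTED_HOSTS = [
    "192.0.2.10", "192.0.2.11",                  # adjacent pair -> one /31
    "198.51.100.4", "198.51.100.5",
    "198.51.100.6", "198.51.100.7",              # aligned run -> one /30
    "203.0.113.25",
    "192.0.2.10",                                # duplicate, dropped
]
MIN_PREFIX = 24  # assumed policy: refuse any source block broader than a /24


def aggregate(entries, min_prefix=MIN_PREFIX):
    """Validate each entry and merge the list into the fewest CIDR blocks."""
    nets = []
    for entry in entries:
        # strict=True raises ValueError for typos such as 192.0.2.10/24
        net = ipaddress.ip_network(entry, strict=True)
        if net.version != 4:
            raise ValueError("%s: CidrIp only takes IPv4" % entry)
        if net.prefixlen < min_prefix:
            raise ValueError("%s is broader than /%d" % (entry, min_prefix))
        nets.append(net)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def security_group(description, vpc_id, ports, cidrs, protocol="tcp"):
    """Build an AWS::EC2::SecurityGroup resource as a plain dict."""
    rules = [{"IpProtocol": protocol, "FromPort": p, "ToPort": p, "CidrIp": c}
             for p in ports for c in cidrs]
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": description, "VpcId": vpc_id,
                           "SecurityGroupIngress": rules}}


def build_groups(vpc_id="vpc-EXAMPLE"):  # placeholder for the looked-up VPC ID
    cidrs = aggregate(TRUSTED_HOSTS)     # one list feeds every group
    return {
        "MonitoringSG": security_group("monitoring (hypothetical)", vpc_id, [5666], cidrs),
        "AdminSG": security_group("admin (hypothetical)", vpc_id, [22, 443], cidrs),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_groups(), indent=2))
```

Rejecting over-broad or malformed entries at this single point keeps one typo in the shared list from opening every group that consumes it.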

@djmitche djmitche merged commit 25fed47 into mozilla-releng:master Jan 23, 2015

@davecurado

I'm definitely interested, and would like to give it a shot.
That said, I don't want you to build dependencies on me.
I'm just getting started with pyplates, and netops stuff
takes priority, even during off hours.
(lost an entire day yesterday to a network issue)
So if any of that sounds problematic, you should probably
find another resource. Just want to be really fair to you.
Thanks.


@djmitche
Contributor Author

I just took this priority off of my Q1 list (because, why promise to do
something you might not do, when you can just not promise to do it, but
try to do it anyway .. how's that for corporate logic?), so it's not
blocking anything. If it becomes blocking and you haven't had a chance,
I'll take care of it.

Dustin


@davecurado

perfect! Thanks so much.

