provider/softlayer: Implement softlayer_firewall Resource #43

Closed
10 tasks
danielcbright opened this issue May 16, 2016 · 4 comments

danielcbright commented May 16, 2016

Implement Resource: softlayer_firewall

This issue will track the completion of the softlayer_firewall resource type requirement for the SoftLayer Provisioner.

Tracking Checklist

  • Gather all resource requirements for this resource from SUN, compare with existing AWS TF configurations and create an example configuration in the description of this issue.
  • Implement Resource Arguments defined in the example configuration provided in this issue.
  • Implement any required changes to the softlayer-go API, including enhancements and tests. Please follow all contribution guidelines listed in the main README. All updates should be made via PR to https://github.com/TheWeatherCompany/softlayer-go, which will be code-reviewed and then merged; changes will eventually be merged upstream.
  • Create acceptance tests following the TF Acceptance Test Guidelines. The AWS provider has good examples of acceptance tests.
  • Open PR and code-review for the Terraform coding.
  • Perform QA testing of the code; basically, make sure it does what it's meant to do.
  • Update the website documentation for the SoftLayer Provider following the instructions in the Terraform Website tree.
  • When all other required resources are completed, perform UAT testing of the complete suite of resources.
  • Fix any "show-stopper" bugs that come up as a result of UAT testing, update documentation as needed.
  • Once UAT testing is complete and it is accepted, create a PR to HashiCorp and close this issue.

Example Terraform Configuration [WIP]:

resource "softlayer_network_vlan" "main" {
    cidr_block = "10.0.0.0/24"
    enable_dns_support = true
    enable_dns_hostnames = true
    name = "main_vlan"
}

resource "softlayer_firewall" "web_ext_lb" {
  name = "web_http_ext_lb"
  description = "Allow communication with web_ext_lb ELB"
  vlan_id = "${softlayer_network_vlan.main.id}"
  ingress {
    from_port = 80
    to_port = 80
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port = 443
    to_port = 443
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "softlayer_firewall" "web_http" {
  name = "web_http_firewall"
  description = "Allow inbound http connections"
  vlan_id = "${softlayer_network_vlan.main.id}"
}

resource "softlayer_firewall_rule" "web_http_ingress_from_self" {
  type = "ingress"
  from_port = 80
  to_port = 80
  protocol = "tcp"
  self = true
  softlayer_firewall_id = "${softlayer_firewall.web_http.id}"
}

resource "softlayer_firewall_rule" "web_httpd_ingress_from_self" {
  type = "ingress"
  from_port = 443
  to_port = 443
  protocol = "tcp"
  self = true
  softlayer_firewall_id = "${softlayer_firewall.web_http.id}"
}

resource "softlayer_firewall_rule" "web_http_ingress_from_web_ext_lb" {
  type = "ingress"
  from_port = 80
  to_port = 80
  protocol = "tcp"
  softlayer_firewall_id = "${softlayer_firewall.web_http.id}"
  source_softlayer_firewall_id = "${softlayer_firewall.web_ext_lb.id}"
}

resource "softlayer_firewall_rule" "web_https_ingress_from_web_ext_lb" {
  type = "ingress"
  from_port = 443
  to_port = 443
  protocol = "tcp"
  softlayer_firewall_id = "${softlayer_firewall.web_http.id}"
  source_softlayer_firewall_id = "${softlayer_firewall.web_ext_lb.id}"
}

renier assigned renier and minsikl and unassigned renier May 20, 2016

renier commented Jun 2, 2016

dbright, do you know if firewalling private vlans is a hard requirement?


renier commented Jun 2, 2016

dbright, other questions:

  • Are ingress rules hard requirements? Or egress rules? Or both?
  • What is the minimum bandwidth needed through the firewall gateway?

danielcbright commented

@renier the short answer to all of your questions is that we're using all of those features, so firewalling private VLANs, ingress rules and egress rules are all hard requirements. That is, of course, unless there is another way to accomplish the same thing in SoftLayer. I have a good understanding of how firewalls work in general, so maybe if we could have a call to discuss, that would help. As for the minimum bandwidth required, I need to ask someone that and I'll get back to you ASAP.


renier commented Jun 2, 2016

@danielcbright (dbright) Maybe a dumb question, but I would like to get confirmation on whether you are using those features because they were there to be used or because there was a real business need. Trying to get to the root needs.
