Add support to private_vpc (ie: with no public address) #296
Conversation
|
Hey @luhhujbb, thanks for submitting this PR. I will take a look at it over the holidays! |
There was a problem hiding this comment.
Thank you for this contribution @luhhujbb, and my apologies about the delay in reviewing it.
Could you elaborate a bit on why we need to add a --client-source option, vs. just having the user specify additional security groups? It seems to me better to reuse the existing functionality for adding arbitrary rules via additional security groups.
Also, did you manage to run the full test suite against a private VPC (i.e. with USE_AWS_CREDENTIALS=true) to confirm that everything works as expected?
…ate_flintrock_security_groups
|
Tests pass with USE_AWS_CREDENTIALS=true in the following condition:
|
There was a problem hiding this comment.
Apologies again about the delayed back and forth. I like the direction of this PR, so please bear with me through the slow review review process. 😅
And thank you for running the full test suite. I am also trying to figure out how to test this on my side, since I've never setup a private VPC that can still talk to the outside world.
|
This is looking good @luhhujbb. I will test this out tomorrow and try to get a private VPC working in my environment. I think I need to setup a NAT gateway to enable the private VPC to still talk to the outside world. Do you mind if I push some commits to your branch? It will mostly be to tweak some method names or message text that is sent to the user. I've been very slow with the review feedback, so for small things I'd like to spare you the time and just do them myself. If you're OK with that, let me know and just make sure that the "Allow edits from maintainers" checkbox is enabled in the right side-bar. |
|
Hi, @nchammas, of course you can edit, the box "Allow edits from maintainers" is checked. |
|
I've successfully created a private subnet that accesses the Internet via a NAT gateway on a public subnet in the same VPC. I've also successfully tested out this PR by launching a cluster in that environment. So far so good. 👍 I've pushed the latest changes from master onto your fork, @luhhujbb, and my next steps will be to retest your PR given the recent changes introduced by #285. I will also push some edits as noted in my previous comment. (By the way, for the future you may want to make contributions from a branch on your fork, as opposed to from master. It will make pulling updates from the upstream source easier down the line.) |
|
Any update on when this might get merged |
|
I've rebase from master. The python 3.5 compatibility was difficult to handle. Maybe it should be dropped since python 3.5 reaches its end of life.
|
|
@nchammas I've just rebase. Waiting for your review. Thanks for your time. |
it's a bit easier to read
all for readability
|
@luhhujbb - I made some changes to the PR to tweak the wording or style in various places, and also to refactor how we are validating the CLI input. I also think I fixed some bugs, like
|
|
@nchammas First of all many thanks for your time !
|
|
Thanks for persisting through the lengthy review/refactor process! I'm glad we got this in. |
This PR makes the following changes:
Default behaviour remains identical except that it logs when flintrock detect private mode instead of raising an exception.
Fixes #14