Merge pull request #31 from unifio/wlc-update

Zero LAN fix
unifio · Mar 11, 2018 · ab45e0e · ab45e0e
2 parents f1eed12 + bd4bcec
commit ab45e0e
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 15 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,22 +1,39 @@
+common: &common
+  working_directory: ~/repo
+
+  docker:
+    - image: unifio/ci:3.0.411-ruby-2.4
+
+  environment:
+    AWS_REGION: 'us-east-2'
+    TF_PLUGIN_CACHE_DIR: '/root/.terraform.d/plugin-cache'
+
 version: 2
 
 jobs:
   build:
-    working_directory: ~/repo
-
-    docker:
-      - image: unifio/ci:3.0.411-ruby-2.4
-
-    environment:
-      AWS_REGION: 'us-east-2'
-      TF_PLUGIN_CACHE_DIR: "/root/.terraform.d/plugin-cache"
+    <<: *common
 
     steps:
       - checkout
 
       - run:
           name: Verify
-          command: bundle exec rake ci
+          environment:
+            CI_REPORTS: 'reports'
+            COVALENCE_TEST_ENVS: 'basic,complete'
+          command: |
+            mkdir reports
+            bundle exec rake ci
+
+      - store_test_results:
+          path: reports
+
+  basic:
+    <<: *common
+
+    steps:
+      - checkout
 
       - run:
           name: Test DMZ only configuration
@@ -39,9 +56,23 @@ jobs:
             bundle exec rake basic:vpg-attach:apply
             bundle exec rake basic:vpg-attach:destroy
 
+      - run:
+          name: Clean up
+          when: always
+          command: |
+            bundle exec rake basic:destroy
+
+  complete:
+    <<: *common
+
+    steps:
+      - checkout
+
       - run:
           name: Test more options and overrides
           command: |
+            bundle exec rake complete:overrides:apply || true
+            # Need to run twice due to frequent timing issues
             bundle exec rake complete:overrides:apply
 
       - run:
@@ -56,4 +87,16 @@ jobs:
           command: |
             bundle exec rake peering:destroy || true
             bundle exec rake complete:destroy
-            bundle exec rake basic:destroy
+
+workflows:
+  version: 2
+
+  vpc_module:
+    jobs:
+      - build
+      - basic:
+          requires:
+            - build
+      - complete:
+          requires:
+            - build
diff --git a/.env.docker b/.env.docker
@@ -1,3 +1,4 @@
 AWS_REGION=us-east-2
+CI_REPORTS=reports
 COVALENCE_TEST_ENVS=basic,complete
 CHECKPOINT_DISABLE=1
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
 *.tfstate*
 .terraform/
 .env
-spec/reports/**
+reports/**
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 * full ipv6 support
 * vpc endpoints
 
+## 0.3.5 (March 11, 2018)
+
+#### IMPROVEMENTS / NEW FEATURES:
+* Updated CI configuration to more reliably handle Terraform / AWS timing issues.
+* Added security group rule descriptions.
+
+#### BUG FIXES:
+* Updated az module to properly handle 0 private subnets.
+
 ## 0.3.4 (March 7, 2018)
 
 #### BACKWARDS INCOMPATIBILITIES / NOTES:

diff --git a/az/main.tf b/az/main.tf
@@ -30,7 +30,7 @@ locals {
   lan_cidrs_override_enabled = "${length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? "true" : "false"}"
 
   # Multiplier to be used in downstream calculation based on the number of LAN subnets per AZ.
-  lans_multiplier = "${local.lans_per_az_checked > 0 ? local.lans_per_az_checked : 1}"
+  lans_multiplier = "${local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1}"
 
   # Handles scenario where an emptry string is passed in for lans_per_az
   lans_per_az_checked = "${var.lans_per_az != "" ? var.lans_per_az : "1"}"
@@ -146,13 +146,15 @@ resource "aws_security_group" "sg_nat" {
 
   egress {
     cidr_blocks = ["0.0.0.0/0"]
+    description = "Egress to the Internet"
     from_port   = 0
     protocol    = "-1"
     to_port     = 0
   }
 
   ingress {
     cidr_blocks = ["${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}"]
+    description = "Ingress from ${var.stack_item_label}-lan-${count.index}"
     from_port   = 0
     protocol    = "-1"
     to_port     = 0

diff --git a/base/main.tf b/base/main.tf
@@ -47,7 +47,7 @@ resource "aws_route_table" "rt_dmz" {
 
 ## Provisions VPC flow logs
 resource "aws_cloudwatch_log_group" "flow_log_group" {
-  name = "${var.stack_item_label}-vpc-flow-logs"
+  name_prefix = "${var.stack_item_label}-vpc-logs-"
 }
 
 data "aws_iam_policy_document" "flow_log_role" {
@@ -63,7 +63,7 @@ data "aws_iam_policy_document" "flow_log_role" {
 
 resource "aws_iam_role" "flow_log_role" {
   assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}"
-  name               = "${var.stack_item_label}-vpc-flow-logs"
+  name_prefix        = "${var.stack_item_label}-vpc-logs-"
 }
 
 data "aws_iam_policy_document" "flow_log_policy" {
@@ -87,7 +87,7 @@ resource "aws_iam_role_policy" "flow_log_role_policies" {
 }
 
 resource "aws_flow_log" "flow_log" {
-  log_group_name = "${var.stack_item_label}-vpc-flow-logs"
+  log_group_name = "${aws_cloudwatch_log_group.flow_log_group.name}"
   iam_role_arn   = "${aws_iam_role.flow_log_role.arn}"
   vpc_id         = "${aws_vpc.vpc.id}"
   traffic_type   = "${var.flow_log_traffic_type}"