From 24cab5f1d22221132148f727ee91535732c8150f Mon Sep 17 00:00:00 2001
From: Wilson Carey
Date: Sat, 10 Mar 2018 15:46:53 -0500
Subject: [PATCH 1/4] Fix for zero lan scenario

---
az/main.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/az/main.tf b/az/main.tf
index 6aef848..68f5816 100644
--- a/az/main.tf
+++ b/az/main.tf
@@ -30,7 +30,7 @@ locals {
 lan_cidrs_override_enabled = "${length(var.lan_cidrs_override) > 0 && var.lan_cidrs_override[0] != "non_empty_list" ? "true" : "false"}"
 # Multiplier to be used in downstream calculation based on the number of LAN subnets per AZ.
- lans_multiplier = "${local.lans_per_az_checked > 0 ? local.lans_per_az_checked : 1}"
+ lans_multiplier = "${local.lans_per_az_checked >= 0 ? local.lans_per_az_checked : 1}"
 # Handles scenario where an emptry string is passed in for lans_per_az
 lans_per_az_checked = "${var.lans_per_az != "" ? var.lans_per_az : "1"}"

From 41815a9982388c42ad0cea5f5cff0146b946cbd8 Mon Sep 17 00:00:00 2001
From: Wilson Carey
Date: Sat, 10 Mar 2018 15:47:25 -0500
Subject: [PATCH 2/4] Updated resources with global namespace to avoid collisions

---
base/main.tf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/base/main.tf b/base/main.tf
index 4ab3417..20cbb97 100644
--- a/base/main.tf
+++ b/base/main.tf
@@ -47,7 +47,7 @@ resource "aws_route_table" "rt_dmz" {
 ## Provisions VPC flow logs
 resource "aws_cloudwatch_log_group" "flow_log_group" {
- name = "${var.stack_item_label}-vpc-flow-logs"
+ name_prefix = "${var.stack_item_label}-vpc-logs-"
 }
 data "aws_iam_policy_document" "flow_log_role" {
@@ -63,7 +63,7 @@ data "aws_iam_policy_document" "flow_log_role" {
 resource "aws_iam_role" "flow_log_role" {
 assume_role_policy = "${data.aws_iam_policy_document.flow_log_role.json}"
- name = "${var.stack_item_label}-vpc-flow-logs"
+ name_prefix = "${var.stack_item_label}-vpc-logs-"
 }
 data "aws_iam_policy_document" "flow_log_policy" {
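Review bot: With `>= 0` the `: 1` fallback on the `lans_multiplier` line is now reached only when `lans_per_az_checked` is negative, so the conditional no longer states an obvious intent. If a negative `lans_per_az` is not a supported input, `lans_multiplier = "${local.lans_per_az_checked}"` says the same thing more plainly; otherwise the comment above it should say so, e.g. `# Multiplier for downstream CIDR calculations; 0 LANs per AZ is valid and yields 0, negative values fall back to 1.` Either way the comment needs updating, because the hunk makes 0 a legitimate multiplier and the `lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier)` key visible in the later az/main.tf hunk then becomes 0, so it is worth confirming that map has a 0 entry. The `locals` block continues outside the hunk.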
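Review bot: Replacing `name` with `name_prefix` on `aws_cloudwatch_log_group.flow_log_group` forces Terraform to destroy and recreate the log group on the next apply (both attributes are ForceNew in the AWS provider), which discards any retained VPC flow-log history; the same applies to the `aws_iam_role.flow_log_role` change in the second hunk. Neither the commit message nor the 0.3.5 CHANGELOG entry later in this series flags that, and it belongs under BACKWARDS INCOMPATIBILITIES / NOTES. While the group is being replaced anyway, consider an explicit `retention_in_days` so flow logs are not kept indefinitely by default. A comment such as `# name_prefix lets several stacks with the same label coexist in one account` above the new line would record why the names are no longer predictable.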
@@ -87,7 +87,7 @@ resource "aws_iam_role_policy" "flow_log_role_policies" {
 }
 resource "aws_flow_log" "flow_log" {
- log_group_name = "${var.stack_item_label}-vpc-flow-logs"
+ log_group_name = "${aws_cloudwatch_log_group.flow_log_group.name}"
 iam_role_arn = "${aws_iam_role.flow_log_role.arn}"
 vpc_id = "${aws_vpc.vpc.id}"
 traffic_type = "${var.flow_log_traffic_type}"

From 78409f4ce7fb1c293f3dd673b8623253fda9691a Mon Sep 17 00:00:00 2001
From: Wilson Carey
Date: Sun, 11 Mar 2018 11:43:10 -0400
Subject: [PATCH 3/4] Updated CI configuration for parallelization

---
.circleci/config.yml | 63 +++++++++++++++++++++++++++++++++++++-------
.env.docker | 1 +
.gitignore | 2 +-
3 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index e8cfa1b..89b58b3 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,22 +1,39 @@
+common: &common
+ working_directory: ~/repo
+
+ docker:
+ - image: unifio/ci:3.0.411-ruby-2.4
+
+ environment:
+ AWS_REGION: 'us-east-2'
+ TF_PLUGIN_CACHE_DIR: '/root/.terraform.d/plugin-cache'
+
 version: 2
 jobs:
 build:
- working_directory: ~/repo
-
- docker:
- - image: unifio/ci:3.0.411-ruby-2.4
-
- environment:
- AWS_REGION: 'us-east-2'
- TF_PLUGIN_CACHE_DIR: "/root/.terraform.d/plugin-cache"
+ <<: *common
 steps:
 - checkout
 - run:
 name: Verify
- command: bundle exec rake ci
+ environment:
+ CI_REPORTS: 'reports'
+ COVALENCE_TEST_ENVS: 'basic,complete'
+ command: |
+ mkdir reports
+ bundle exec rake ci
+ - store_test_results:
+ path: reports
+ basic:
+ <<: *common
+ steps:
+ - checkout
 - run:
 name: Test DMZ only configuration
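Review bot: `aws_flow_log.flow_log` now depends on the log group through `log_group_name`, but nothing ties it to `aws_iam_role_policy.flow_log_role_policies` (the resource named in this hunk's header), so the flow log can be created before the role actually has its CloudWatch permissions attached; that is a known source of intermittent flow-log creation failures and may be part of the timing issues the CI commit in this series works around. Adding `depends_on = ["aws_iam_role_policy.flow_log_role_policies"]` inside the resource makes the ordering explicit. The `aws_flow_log` block closes outside the hunk.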
@@ -39,9 +56,23 @@ jobs:
 bundle exec rake basic:vpg-attach:apply
 bundle exec rake basic:vpg-attach:destroy
+ - run:
+ name: Clean up
+ when: always
+ command: |
+ bundle exec rake basic:destroy
+
+ complete:
+ <<: *common
+
+ steps:
+ - checkout
+
 - run:
 name: Test more options and overrides
 command: |
+ bundle exec rake complete:overrides:apply || true
+ # Need to run twice due to frequent timing issues
 bundle exec rake complete:overrides:apply
 - run:
@@ -56,4 +87,16 @@ jobs:
 command: |
 bundle exec rake peering:destroy || true
 bundle exec rake complete:destroy
- bundle exec rake basic:destroy
+
+workflows:
+ version: 2
+
+ vpc_module:
+ jobs:
+ - build
+ - basic:
+ requires:
+ - build
+ - complete:
+ requires:
+ - build
diff --git a/.env.docker b/.env.docker
index f3acadd..5fd13be 100644
--- a/.env.docker
+++ b/.env.docker
@@ -1,3 +1,4 @@
 AWS_REGION=us-east-2
+CI_REPORTS=reports
 COVALENCE_TEST_ENVS=basic,complete
 CHECKPOINT_DISABLE=1
diff --git a/.gitignore b/.gitignore
index e5b8881..f3d8084 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 *.tfstate*
 .terraform/
 .env
-spec/reports/**
+reports/**

From bd4bcec30c3213ca9e0b3362d83fc184ee3068c6 Mon Sep 17 00:00:00 2001
From: Wilson Carey
Date: Sun, 11 Mar 2018 11:46:21 -0400
Subject: [PATCH 4/4] Updated documentation

---
CHANGELOG.md | 9 +++++++++
az/main.tf | 2 ++
2 files changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e55e59..ee21d1a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,15 @@
 * full ipv6 support
 * vpc endpoints
+## 0.3.5 (March 11, 2018)
+
+#### IMPROVEMENTS / NEW FEATURES:
+* Updated CI configuration to more reliably handle Terraform / AWS timing issues.
+* Added security group rule descriptions.
+
+#### BUG FIXES:
+* Updated az module to properly handle 0 private subnets.
+
 ## 0.3.4 (March 7, 2018)
 #### BACKWARDS INCOMPATIBILITIES / NOTES:
diff --git a/az/main.tf b/az/main.tf
index 68f5816..658750c 100644
--- a/az/main.tf
+++ b/az/main.tf
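Review bot: The new `Clean up` step for the `basic` job carries `when: always`, but the `complete` job's tear-down step (`bundle exec rake peering:destroy || true` / `bundle exec rake complete:destroy` in the following hunk) shows no `when:` in the visible lines, so a failure in `Test more options and overrides` would skip it and leave the test VPC, NAT and peering resources running in `us-east-2` until someone notices. If the step header outside the hunk does not already carry it, add `when: always` there too. Since the `workflows:` block in the last hunk now runs `basic` and `complete` concurrently in the same account and region, a comment there such as `# basic and complete run in parallel; their stacks must not share resource names` would record the constraint the name_prefix change earlier in this series is presumably meant to satisfy.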
@@ -146,6 +146,7 @@ resource "aws_security_group" "sg_nat" {
 egress {
 cidr_blocks = ["0.0.0.0/0"]
+ description = "Egress to the Internet"
 from_port = 0
 protocol = "-1"
 to_port = 0
@@ -153,6 +154,7 @@ resource "aws_security_group" "sg_nat" {
 ingress {
 cidr_blocks = ["${local.lan_cidrs_override_enabled == "true" ? element(var.lan_cidrs_override,count.index) : cidrsubnet(data.aws_vpc.base.cidr_block,lookup(var.az_cidrsubnet_newbits, local.azs_provisioned_count * local.lans_multiplier),count.index + lookup(var.az_cidrsubnet_offset, local.azs_provisioned_count))}"]
+ description = "Ingress from ${var.stack_item_label}-lan-${count.index}"
 from_port = 0
 protocol = "-1"
 to_port = 0
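Review bot: The `description` added to the `ingress` rule in the second hunk interpolates `var.stack_item_label`, and AWS accepts only a limited character set in security group rule descriptions (letters, digits, spaces and `._-:/()#,@[]+=&;{}!$*`), so a label containing anything else fails at apply time rather than at plan time; a comment on that line such as `# SG rule descriptions are limited to [A-Za-z0-9 ._-:/()#,@[]+=&;{}!$*]` or a validation of the label would help. Adding a description to an existing inline `egress`/`ingress` block also changes how the provider identifies the rule, so on upgrade I would expect each rule to be revoked and re-authorized rather than updated in place; for the NAT security group that is a brief window without LAN ingress, which the 0.3.5 CHANGELOG entry should mention. The `aws_security_group.sg_nat` resource starts and ends outside both hunks.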