Skip to content
This repository has been archived by the owner on Sep 9, 2022. It is now read-only.

feat: Filtering imported security groups by IDs #410

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mumoshu
Copy link

@mumoshu mumoshu commented May 16, 2018

terraforming sg now accepts one or more security groups via --group-ids sg-12345 sg-234456.
This limits the tf output to include only the two security groups.

Similarly, terraform sg --tfstate --group-ids sg-12345 limits the tfstate output to include only the security group.

An expected use-case to this flag is to gradually migrate hundreds of your security groups under the control of terraform, without worrying about the huge tf/tfstate diff on initial import.

Run terraforming help sg to see the description of the flag:

 bundle exec bin/terraforming help sg
Usage:
  terraforming sg

Options:
  [--group-ids=one two three]                    # Filter exported security groups by IDs
  [--merge=MERGE]                                # tfstate file to merge
  [--overwrite], [--no-overwrite]                # Overwrite existing tfstate
  [--tfstate], [--no-tfstate]                    # Generate tfstate
  [--profile=PROFILE]                            # AWS credentials profile
  [--region=REGION]                              # AWS region
  [--assume=ASSUME]                              # Role ARN to assume
  [--use-bundled-cert], [--no-use-bundled-cert]  # Use the bundled CA certificate from AWS SDK

Security Group

@coveralls
Copy link

coveralls commented May 16, 2018

Coverage Status

Coverage remained the same at 100.0% when pulling f3200ef on mumoshu:sg-filtering-by-ids into c1d467b on dtan4:master.

@@ -66,3 +65,4 @@
require "terraforming/resource/vpn_gateway"
require "terraforming/resource/sns_topic"
require "terraforming/resource/sns_topic_subscription"
require "terraforming/cli"
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to move this to the bottom of this file in order to avoid NameError: uninitialized constant Terraforming::Resource at the line 4 of lib/terraforming/cli.rb.

@@ -242,7 +247,13 @@ def configure_aws(options)

def execute(klass, options)
configure_aws(options)
result = options[:tfstate] ? tfstate(klass, options[:merge]) : tf(klass)

subcommand_options = options.select { |k, v| OPTIONS_AVAILABLE_TO_SUBCOMMANDS.include? k }
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind if I blindly passed all the options as subcommand_options here?
In that case we can simplify the implementation by removing OPTIONS_AVAILABLE_TO_SUBCOMMANDS and its relevant code.

@client.describe_security_groups(group_ids: @group_ids)
else
@client.describe_security_groups
end
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opted to make this block conditional instead of doing @client.describea_security_groups(opts) not to break huge number of test cases :)

I can make it look something like:

opts = {}.tap { |o|
  o.[:group_ids] ||= @group_ids if @group_ids
}
@client.describe_security_groups(opts)

but I prefer separating it into another PR to ease your review.

@mumoshu mumoshu force-pushed the sg-filtering-by-ids branch from 38a6a15 to e632fed Compare May 16, 2018 07:12
`terraforming sg` now accepts one or more security groups via `--group-ids sg-12345 sg-234456`.
This limits the tf output to include only the two security groups.

Similarly, `terraform sg --tfstate --group-ids sg-12345` limits the tfstate output to include only the security group.

An expected use-case to this flag is to gradually migrate hundreds of your security groups under the control of terraform, without worrying about the huge tf/tfstate diff on initial import.

Run `terraforming help sg` to see the description of the flag:

```
 bundle exec bin/terraforming help sg
Usage:
  terraforming sg

Options:
  [--group-ids=one two three]                    # Filter exported security groups by IDs
  [--merge=MERGE]                                # tfstate file to merge
  [--overwrite], [--no-overwrite]                # Overwrite existing tfstate
  [--tfstate], [--no-tfstate]                    # Generate tfstate
  [--profile=PROFILE]                            # AWS credentials profile
  [--region=REGION]                              # AWS region
  [--assume=ASSUME]                              # Role ARN to assume
  [--use-bundled-cert], [--no-use-bundled-cert]  # Use the bundled CA certificate from AWS SDK

Security Group
```
@mumoshu mumoshu force-pushed the sg-filtering-by-ids branch from e632fed to f3200ef Compare May 16, 2018 07:22
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants