Skip to content

fix: Fixed SG with prefix lists#271

Merged
antonbabenko merged 3 commits into
masterfrom
unknown repository
Jan 13, 2023
Merged

fix: Fixed SG with prefix lists#271
antonbabenko merged 3 commits into
masterfrom
unknown repository

Conversation

@ghost
Copy link
Copy Markdown

@ghost ghost commented Dec 5, 2022
edited by antonbabenko
Loading

Custom rules with prefix lists were failing in cases where no CIDR block was specified due to an edge case in the variable interpolation.

If both the rule and the general CIDR block variables are unset, the interpolation returns a list with an empty string as the only element (instead of an empty list).

main.tf has been modified to add a check for this edge case and return an empty list.

Description

The eight (8) resources in main.tf which set the cidr_blocks or ipv6_cidr_blocks argument have been modified to include a check for the edge case where both the custom rule does not include a CIDR block and the corresponding global CIDR block variable is unset (defaulting to an empty list). These resources now correctly evaluate their respective CIDR block arguments to an empty list, allowing the rules to be created with the assigned prefix list id(s).

All eight (8) changes follow the pattern below (in pseudo-code):

IF (rule cidr block is set) OR (global cidr block is set)
THEN (do previous behavior) 
ELSE (return empty list)
END

This preserves the original behavior in all cases except for the edge case, which now returns an empty list.

Motivation and Context

As of v4.16.2, the module does not allow for custom rules to be specified without a CIDR block, even if provided one or more prefix list ids. This appears to be due to a variable interpolation edge case, which is incorrectly returning a list with an empty string (i.e. [""]) instead of an empty list (i.e. []). A check has been added to override the interpolation and return an empty list for this edge case, which allows the security group and SG rule(s) to be created as expected.

Link to issue: #270

Fixes #270

Breaking Changes

All changes are backwards-compatible; I believe this can be safely released as a bug fix.

How Has This Been Tested?

This change has been tested against my code base.

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

Fix for issue-270 RE: prefix lists
3143885 
Custom rules with prefix lists were failing in cases where no CIDR block was specified due to an edge case in the variable interpolation.

If both the rule and the general CIDR block variables are unset, the interpolation returns a list with an empty string as the only element (instead of an empty list).

`main.tf` has been modified to add a check for this edge case and return an empty list.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 5, 2023

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions Bot added the stale label Jan 5, 2023
@apamildner
Copy link
Copy Markdown

apamildner commented Jan 10, 2023

@antonbabenko Can we have this one merged/reviewed please?

@github-actions github-actions Bot removed the stale label Jan 11, 2023
apamildner
apamildner approved these changes Jan 11, 2023
View reviewed changes
Copy link
Copy Markdown

@apamildner apamildner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

loicvolle
loicvolle approved these changes Jan 11, 2023
View reviewed changes
Copy link
Copy Markdown

@loicvolle loicvolle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antonbabenko antonbabenko changed the title Fix for issue-270 RE: prefix lists fix: Fixed SG with prefix lists Jan 13, 2023
@antonbabenko antonbabenko merged commit fdd67cd into terraform-aws-modules:master Jan 13, 2023
antonbabenko pushed a commit that referenced this pull request Jan 13, 2023
@semantic-release-bot
chore(release): version 4.17.1 [skip ci]
b79bcb0 
### [4.17.1](v4.17.0...v4.17.1) (2023-01-13)

### Bug Fixes

* Fixed SG with prefix lists ([#271](#271)) ([fdd67cd](fdd67cd))
@antonbabenko
Copy link
Copy Markdown
Member

antonbabenko commented Jan 13, 2023

This PR is included in version 4.17.1 🎉

@antonbabenko antonbabenko mentioned this pull request Jan 13, 2023
Closed
1 task
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Feb 13, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Feb 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cannot use custom rule maps with prefix lists

3 participants

@apamildner @antonbabenko @loicvolle