Merge pull request #19 from theonestack/feature/inline-support

aaronwalker · web-flow · commit 3d185cdd1bc4 · 2023-12-18T11:31:40.000+01:00
adds support for using Fn::Join etc in SG rules
diff --git a/aurora-postgres.cfndsl.rb b/aurora-postgres.cfndsl.rb
@@ -94,9 +94,17 @@
       ToPort: cluster_port,
     }
     if rule['security_group_id']
-      sg_rule['SourceSecurityGroupId'] = FnSub(rule['security_group_id'])
+      if rule['security_group_id'].is_a?(Hash)
+        sg_rule['SourceSecurityGroupId'] = rule['security_group_id']
+      else
+        sg_rule['SourceSecurityGroupId'] = FnSub(rule['security_group_id'])
+      end
     else
-      sg_rule['CidrIp'] = FnSub(rule['ip'])
+      if rule['ip'].is_a?(Hash)
+        sg_rule['CidrIp'] = rule['ip']
+      else
+        sg_rule['CidrIp'] = FnSub(rule['ip'])
+      end
     end
     if rule['desc']
       sg_rule['Description'] = FnSub(rule['desc'])
diff --git a/spec/security_group_spec.rb b/spec/security_group_spec.rb
@@ -29,7 +29,14 @@
       end
       
       it "to have property SecurityGroupIngress" do
-          expect(resource["Properties"]["SecurityGroupIngress"]).to eq([{"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "SourceSecurityGroupId"=>{"Fn::Sub"=>"sg-328h4242u3h"}, "Description"=>{"Fn::Sub"=>"access from my app"}}, {"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "CidrIp"=>{"Fn::Sub"=>"10.0.0.0/16"}, "Description"=>{"Fn::Sub"=>"access from peered vpc"}}])
+          expect(resource["Properties"]["SecurityGroupIngress"]).to eq([
+            {"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "SourceSecurityGroupId"=>{"Fn::Sub"=>"sg-328h4242u3h"}, "Description"=>{"Fn::Sub"=>"access from my app"}},
+            {"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "CidrIp"=>{"Fn::Sub"=>"10.0.0.0/16"}, "Description"=>{"Fn::Sub"=>"access from peered vpc"}},
+            {"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "CidrIp"=>{"Fn::Sub"=>"${VPCCidr}"}, "Description"=>{"Fn::Sub"=>"access from peered vpc 1"}},
+            {"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "CidrIp"=>{"Fn::Join"=>["", [{"Ref"=>"VPCCidr"}]]}, "Description"=>{"Fn::Sub"=>"access from peered vpc 2"}},
+            {"FromPort"=>5432, "IpProtocol"=>"TCP", "ToPort"=>5432, "SourceSecurityGroupId"=>{"Fn::Join"=>["", [{"Ref"=>"SGId"}]]}, "Description"=>{"Fn::Sub"=>"access from a external sg"}},
+            
+        ])
       end
       
       it "to have property SecurityGroupEgress" do
diff --git a/tests/security_group.test.yaml b/tests/security_group.test.yaml
@@ -3,6 +3,10 @@ test_metadata:
   name: security_group
   description: set the description for your test
 
+test_parameters:
+  VPCCidr: 10.1.0.0/16
+  SGId: sg-328h4242u3h
+
 family: aurora-postgresql9.6
 engine_version: 9.6
 storage_encrypted: true
@@ -13,4 +17,19 @@ security_group_rules:
     desc: access from my app
   -
     ip: 10.0.0.0/16
-    desc: access from peered vpc
+    desc: access from peered vpc
+  -
+    ip: ${VPCCidr}
+    desc: access from peered vpc 1
+  -
+    ip:
+      Fn::Join:
+        - ''
+        - - Ref: VPCCidr
+    desc: access from peered vpc 2
+  -
+    security_group_id:
+      Fn::Join:
+        - ''
+        - - Ref: SGId
+    desc: access from a external sg
