@@ -52,20 +52,11 @@ locals {
5252
5353 volume_per_instance = transpose ({ for key , value in local . instance_per_volume : key => value [" instances" ] })
5454
55- # We look for a firewall rule that allow SSH connection from the Terraform agent's ip
56- # and we memorize the corresponding tag so we can determine which instances can be used as a
55+ # We look for firewall rules that allow SSH connection from the Terraform agent's ip
56+ # and we memorize the corresponding tags so we can determine which instances can be used as a
5757 # first hop when transferring files or executing remote commands with Terraform.
58- # There are room for improvements, but we don't expect users to be very creative with
59- # firewall rules, so we are keeping the algorithm simple for now. One aspect
60- # that could be improved:
61- # 1. We don't validate if the tag is actually present in any instance, we simply take the
62- # first value, so if there are more than one firewall rules that matches the criteria
63- # but only one that is actually active, we might select the wrong tag. It would be better
64- # to keep all firewall tags that match the criteria, then identify the intersection with
65- # instance tags and select any tag that matches.
6658 agent_ip = chomp (data. http . agent_ip . response_body )
67- bastion_tag = try (
68- element ([
59+ bastion_tags = try ([
6960 for rule , values in var . firewall_rules :
7061 values . tag
7162 if values . ethertype == " IPv4" &&
@@ -75,9 +66,8 @@ locals {
7566 tonumber (split (" ." , strcontains (values. cidr , " /" ) ? cidrhost (values. cidr , 0 ) : values. cidr )[i ]) <= tonumber (v) &&
7667 tonumber (split (" ." , strcontains (values. cidr , " /" ) ? cidrhost (values. cidr , - 1 ) : values. cidr )[i ]) >= tonumber (v)
7768 ])
78- ],
79- 0 ),
80- " " )
69+ ],
70+ [])
8171}
8272
8373check " disk_space_per_tag" {
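Review bot: The `try([...], [])` around the new `bastion_tags` comprehension turns every evaluation error into an empty list, so a non-IPv4 `agent_ip` response body or an unparsable `values.cidr` looks the same as "no rule allows SSH from the agent". Because this list decides which instances may serve as the first hop, validate `local.agent_ip` on its own, for example in a `check` block like the `disk_space_per_tag` one that follows, with a condition such as `can(regex("^[0-9]+(\\.[0-9]+){3}$", local.agent_ip))`. The list can also hold the same tag more than once when several rules match, which `distinct(...)` around the `try` would remove. The removed caveat about intersecting firewall tags with instance tags is presumably handled where `bastion_tags` is consumed, which is outside this view; a short comment such as `# bastion_tags is intersected with instance tags where the bastion is selected` would record that. The filter condition between the two hunks is not visible here, so this does not assess whether the port or protocol is matched.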