Merge pull request #21 from loft-sh/feat/multiple_sg

feat: add multiple SG declaration support
loft-sh · Sep 5, 2023 · 7634165 · 7634165
2 parents 026ff1f + 670ae92
commit 7634165
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -40,7 +40,7 @@ This provider has the following options
 | AWS_INSTANCE_TYPE | false    | The machine type to use.              | c5.xlarge               |
 | AWS_REGION        | true     | The aws cloud region to create the VM |                         |
 | AWS_VPC_ID        | false    | The vpc id to use.                    |                         |
-| AWS_SECURITY_GROUP_ID | false | The security group ID for the VM     |  created if not specified |
+| AWS_SECURITY_GROUP_ID | false | The security group ID is a comma separated list of IDs for the VM     |  created if not specified |
 | AWS_SUBNET_ID         | false | The subnet ID for the VM | created if not specified |
 | AWS_INSTANCE_TAGS     | false | Additional flags for the VM in the form of "Name=XXX,Value=YYY " | |
 | AWS_INSTANCE_PROFILE_ARN  | false | The ARN of the instance profile to use for the VM | created if not specified |

diff --git a/hack/provider/provider.yaml b/hack/provider/provider.yaml
@@ -71,7 +71,7 @@ options:
     description: The subnet id to use.
     default: ""
   AWS_SECURITY_GROUP_ID:
-    description: The security group id to use.
+    description: The security group id to use. Multiple can be specified by separating with a comma.
     default: ""
   AWS_AMI:
     description: The disk image to use.

diff --git a/pkg/aws/aws.go b/pkg/aws/aws.go
@@ -328,9 +328,9 @@ func CreateDevpodInstanceProfile(ctx context.Context, provider *AwsProvider) (st
 	return *response.InstanceProfile.Arn, nil
 }
 
-func GetDevpodSecurityGroup(ctx context.Context, provider *AwsProvider) (string, error) {
+func GetDevpodSecurityGroups(ctx context.Context, provider *AwsProvider) ([]string, error) {
 	if provider.Config.SecurityGroupID != "" {
-		return provider.Config.SecurityGroupID, nil
+		return strings.Split(provider.Config.SecurityGroupID, ","), nil
 	}
 
 	svc := ec2.NewFromConfig(provider.AwsConfig)
@@ -357,10 +357,20 @@ func GetDevpodSecurityGroup(ctx context.Context, provider *AwsProvider) (string,
 	result, err := svc.DescribeSecurityGroups(ctx, input)
 	// It it is not created, do it
 	if len(result.SecurityGroups) == 0 || err != nil {
-		return CreateDevpodSecurityGroup(ctx, provider)
+		sg, err := CreateDevpodSecurityGroup(ctx, provider)
+		if err != nil {
+			return nil, err
+		}
+
+		return []string{sg}, nil
 	}
 
-	return *result.SecurityGroups[0].GroupId, nil
+	sgs := []string{}
+	for res := range result.SecurityGroups {
+		sgs = append(sgs, *result.SecurityGroups[res].GroupId)
+	}
+
+	return sgs, nil
 }
 
 func CreateDevpodSecurityGroup(ctx context.Context, provider *AwsProvider) (string, error) {
@@ -595,7 +605,7 @@ func Create(
 ) (*ec2.RunInstancesOutput, error) {
 	svc := ec2.NewFromConfig(cfg)
 
-	devpodSG, err := GetDevpodSecurityGroup(ctx, providerAws)
+	devpodSG, err := GetDevpodSecurityGroups(ctx, providerAws)
 	if err != nil {
 		return nil, err
 	}
@@ -608,13 +618,11 @@ func Create(
 	}
 
 	instance := &ec2.RunInstancesInput{
-		ImageId:      aws.String(providerAws.Config.DiskImage),
-		InstanceType: types.InstanceType(providerAws.Config.MachineType),
-		MinCount:     aws.Int32(1),
-		MaxCount:     aws.Int32(1),
-		SecurityGroupIds: []string{
-			devpodSG,
-		},
+		ImageId:          aws.String(providerAws.Config.DiskImage),
+		InstanceType:     types.InstanceType(providerAws.Config.MachineType),
+		MinCount:         aws.Int32(1),
+		MaxCount:         aws.Int32(1),
+		SecurityGroupIds: devpodSG,
 		BlockDeviceMappings: []types.BlockDeviceMapping{
 			{
 				DeviceName: aws.String("/dev/sda1"),