Skip to content

Commit 88988c5

Browse files
jakubnojakubno
committed
chore(iac): remove unused allow_sandbox_internet variable
Drop the ALLOW_SANDBOX_INTERNET env var plumbing from Terraform (provider-gcp, provider-aws, job-orchestrator module, GCP Makefile) and the matching orchestrator config/logic. Sandbox internet access is now controlled solely via the per-sandbox network config.
1 parent f2c360d commit 88988c5

14 files changed

Lines changed: 0 additions & 49 deletions

File tree

iac/modules/job-orchestrator/jobs/orchestrator.hcl

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,6 @@ job "orchestrator-${latest_orchestrator_job_id}" {
7070
ENVD_TIMEOUT = "${envd_timeout}"
7171
TEMPLATE_BUCKET_NAME = "${template_bucket_name}"
7272
OTEL_COLLECTOR_GRPC_ENDPOINT = "${otel_collector_grpc_endpoint}"
73-
ALLOW_SANDBOX_INTERNET = "${allow_sandbox_internet}"
7473
ALLOW_SANDBOX_INTERNAL_CIDRS = "${allow_sandbox_internal_cidrs}"
7574
CLICKHOUSE_CONNECTION_STRING = "${clickhouse_connection_string}"
7675
REDIS_POOL_SIZE = "${redis_pool_size}"

iac/modules/job-orchestrator/main.tf

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,6 @@ locals {
99
otel_collector_grpc_endpoint = var.otel_collector_grpc_endpoint
1010
envd_timeout = var.envd_timeout
1111
template_bucket_name = var.template_bucket_name
12-
allow_sandbox_internet = var.allow_sandbox_internet
1312
allow_sandbox_internal_cidrs = var.allow_sandbox_internal_cidrs
1413
clickhouse_connection_string = var.clickhouse_connection_string
1514
redis_url = var.redis_url

iac/modules/job-orchestrator/variables.tf

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -73,10 +73,6 @@ variable "template_bucket_name" {
7373
type = string
7474
}
7575

76-
variable "allow_sandbox_internet" {
77-
type = string
78-
}
79-
8076
variable "allow_sandbox_internal_cidrs" {
8177
type = string
8278
description = "Comma-separated CIDRs to allow through the sandbox firewall deny list (e.g. 10.0.0.1/32,10.0.0.2/32)"

iac/provider-aws/main.tf

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -199,7 +199,6 @@ module "nomad" {
199199
client_proxy_repository_name = module.init.client_proxy_repository_name
200200

201201
orchestrator_node_pool = local.client_pool_name
202-
allow_sandbox_internet = var.allow_sandbox_internet
203202
allow_sandbox_internal_cidrs = var.allow_sandbox_internal_cidrs
204203
orchestrator_port = var.orchestrator_port
205204
orchestrator_proxy_port = var.orchestrator_proxy_port

iac/provider-aws/nomad/main.tf

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -184,7 +184,6 @@ module "orchestrator" {
184184
otel_collector_grpc_endpoint = "localhost:${var.otel_collector_grpc_port}"
185185
envd_timeout = var.envd_timeout
186186
template_bucket_name = var.template_bucket_name
187-
allow_sandbox_internet = var.allow_sandbox_internet
188187
allow_sandbox_internal_cidrs = var.allow_sandbox_internal_cidrs
189188
clickhouse_connection_string = local.clickhouse_connection_string
190189
redis_url = var.redis_url

iac/provider-aws/nomad/variables.tf

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -218,11 +218,6 @@ variable "orchestrator_proxy_port" {
218218
default = 5007
219219
}
220220

221-
variable "allow_sandbox_internet" {
222-
type = bool
223-
default = true
224-
}
225-
226221
variable "allow_sandbox_internal_cidrs" {
227222
type = string
228223
description = "Comma-separated CIDRs to allow through the sandbox firewall deny list"

iac/provider-aws/variables.tf

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -125,11 +125,6 @@ variable "orchestrator_proxy_port" {
125125
default = 5007
126126
}
127127

128-
variable "allow_sandbox_internet" {
129-
type = bool
130-
default = true
131-
}
132-
133128
variable "allow_sandbox_internal_cidrs" {
134129
type = string
135130
description = "Comma-separated CIDRs to allow through the sandbox firewall deny list (e.g. 10.0.0.1/32,10.0.0.2/32)"

iac/provider-gcp/Makefile

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,6 @@ tf_vars := \
4242
$(call tfvar, PREFIX) \
4343
$(call tfvar, SANDBOX_STORAGE_BACKEND) \
4444
$(call tfvar, ORCHESTRATOR_ENABLED) \
45-
$(call tfvar, ALLOW_SANDBOX_INTERNET) \
4645
$(call tfvar, API_INTERNAL_GRPC_PORT) \
4746
$(call tfvar, ALLOW_SANDBOX_INTERNAL_CIDRS) \
4847
$(call tfvar, API_SERVER_COUNT) \

iac/provider-gcp/main.tf

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -303,7 +303,6 @@ module "nomad" {
303303

304304
# Orchestrator
305305
orchestrator_node_pool = var.orchestrator_node_pool
306-
allow_sandbox_internet = var.allow_sandbox_internet
307306
allow_sandbox_internal_cidrs = var.allow_sandbox_internal_cidrs
308307
orchestrator_port = var.orchestrator_port
309308
orchestrator_proxy_port = var.orchestrator_proxy_port

iac/provider-gcp/nomad/main.tf

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -463,7 +463,6 @@ module "orchestrator" {
463463
otel_collector_grpc_endpoint = "localhost:${var.otel_collector_grpc_port}"
464464
envd_timeout = var.envd_timeout
465465
template_bucket_name = var.template_bucket_name
466-
allow_sandbox_internet = var.allow_sandbox_internet
467466
allow_sandbox_internal_cidrs = var.allow_sandbox_internal_cidrs
468467
clickhouse_connection_string = local.clickhouse_connection_string
469468
redis_url = local.redis_url

0 commit comments

Comments
 (0)