feat: additional functionality added along with fix of double ACL for…

… rule names (#33) BREAKING CHANGE: `vpc_name` variable is now called `name`
terraform-ibm-modules · Jul 13, 2022 · 21166c1 · 21166c1
1 parent fbe68ec
commit 21166c1
Show file tree

Hide file tree

Showing 13 changed files with 119 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -162,6 +162,7 @@ You need the following permissions to run this module.
 | <a name="input_default_network_acl_name"></a> [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | OPTIONAL - Name of the Default ACL. If null, a name will be automatically generated | `string` | `null` | no |
 | <a name="input_default_routing_table_name"></a> [default\_routing\_table\_name](#input\_default\_routing\_table\_name) | OPTIONAL - Name of the Default Routing Table. If null, a name will be automatically generated | `string` | `null` | no |
 | <a name="input_default_security_group_name"></a> [default\_security\_group\_name](#input\_default\_security\_group\_name) | OPTIONAL - Name of the Default Security Group. If null, a name will be automatically generated | `string` | `null` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name for VPC | `string` | n/a | yes |
 | <a name="input_network_acls"></a> [network\_acls](#input\_network\_acls) | List of ACLs to create. Rules can be automatically created to allow inbound and outbound traffic from a VPC tier by adding the name of that tier to the `network_connections` list. Rules automatically generated by these network connections will be added at the beginning of a list, and will be web-tierlied to traffic first. At least one rule must be provided for each ACL. | <pre>list(<br>    object({<br>      name                = string<br>      network_connections = optional(list(string))<br>      add_cluster_rules   = optional(bool)<br>      rules = list(<br>        object({<br>          name        = string<br>          action      = string<br>          destination = string<br>          direction   = string<br>          source      = string<br>          tcp = optional(<br>            object({<br>              port_max        = optional(number)<br>              port_min        = optional(number)<br>              source_port_max = optional(number)<br>              source_port_min = optional(number)<br>            })<br>          )<br>          udp = optional(<br>            object({<br>              port_max        = optional(number)<br>              port_min        = optional(number)<br>              source_port_max = optional(number)<br>              source_port_min = optional(number)<br>            })<br>          )<br>          icmp = optional(<br>            object({<br>              type = optional(number)<br>              code = optional(number)<br>            })<br>          )<br>        })<br>      )<br>    })<br>  )</pre> | <pre>[<br>  {<br>    "add_cluster_rules": true,<br>    "name": "vpc-acl",<br>    "rules": [<br>      {<br>        "action": "allow",<br>        "destination": "0.0.0.0/0",<br>        "direction": "inbound",<br>        "name": "allow-all-inbound",<br>        "source": "0.0.0.0/0"<br>      },<br>      {<br>        "action": "allow",<br>        "destination": "0.0.0.0/0",<br>        "direction": "outbound",<br>        "name": "allow-all-outbound",<br>        "source": "0.0.0.0/0"<br>      }<br>    ]<br>  }<br>]</pre> | no |
 | <a name="input_network_cidr"></a> [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix that you would like to append to your resources | `string` | n/a | yes |
@@ -173,7 +174,6 @@ You need the following permissions to run this module.
 | <a name="input_tags"></a> [tags](#input\_tags) | List of Tags for the resource created | `list(string)` | `null` | no |
 | <a name="input_use_manual_address_prefixes"></a> [use\_manual\_address\_prefixes](#input\_use\_manual\_address\_prefixes) | OPTIONAL - Use manual address prefixes for VPC | `bool` | `false` | no |
 | <a name="input_use_public_gateways"></a> [use\_public\_gateways](#input\_use\_public\_gateways) | Create a public gateway in any of the three zones with `true`. | <pre>object({<br>    zone-1 = optional(bool)<br>    zone-2 = optional(bool)<br>    zone-3 = optional(bool)<br>  })</pre> | <pre>{<br>  "zone-1": true,<br>  "zone-2": false,<br>  "zone-3": false<br>}</pre> | no |
-| <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | Name for vpc. If left null, one will be generated using the prefix for this module. | `string` | `null` | no |
 
 ## Outputs
 
@@ -184,6 +184,7 @@ You need the following permissions to run this module.
 | <a name="output_subnet_zone_list"></a> [subnet\_zone\_list](#output\_subnet\_zone\_list) | A list containing subnet IDs and subnet zones |
 | <a name="output_vpc_crn"></a> [vpc\_crn](#output\_vpc\_crn) | CRN of VPC created |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | ID of VPC created |
+| <a name="output_vpc_name"></a> [vpc\_name](#output\_vpc\_name) | Name of VPC created |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Contributing

diff --git a/dynamic_values.tf b/dynamic_values.tf
@@ -4,7 +4,7 @@
 
 module "dynamic_values" {
   source               = "./dynamic_values"
-  prefix               = var.prefix
+  prefix               = "${var.prefix}-${var.name}"
   region               = var.region
   address_prefixes     = var.address_prefixes
   routes               = var.routes

diff --git a/dynamic_values/address_prefixes.tf b/dynamic_values/address_prefixes.tf
@@ -0,0 +1,32 @@
+##############################################################################
+# Address Prefixes
+##############################################################################
+
+module "prefix_map" {
+  source         = "./config_modules/list_to_map"
+  key_name_field = "zone_name"
+  list = [
+    for zone in ["zone-1", "zone-2", "zone-3"] :
+    {
+      zone_name = zone
+      addresses = [
+        for address in(lookup(var.address_prefixes, zone, null) == null ? [] : var.address_prefixes[zone]) :
+        {
+          name = "${var.prefix}-${zone}-${index(var.address_prefixes[zone], address) + 1}"
+          cidr = address
+          zone = "${var.region}-${index(keys(var.address_prefixes), zone) + 1}"
+        }
+      ]
+    }
+  ]
+}
+
+module "address_prefixes" {
+  source = "./config_modules/list_to_map"
+  list = flatten([
+    for zone in ["zone-1", "zone-2", "zone-3"] :
+    module.prefix_map.value[zone].addresses
+  ])
+}
+
+##############################################################################
diff --git a/dynamic_values/config_modules/list_to_map/main.tf b/dynamic_values/config_modules/list_to_map/main.tf
diff --git a/dynamic_values/config_modules/list_to_map/outputs.tf b/dynamic_values/config_modules/list_to_map/outputs.tf
@@ -0,0 +1,18 @@
+##############################################################################
+# Output
+##############################################################################
+
+output "value" {
+  description = "List converted into map"
+  value = {
+    for item in var.list :
+    ("${var.prefix == "" ? "" : "${var.prefix}-"}${item[var.key_name_field]}") =>
+    item if(
+      var.lookup_field == null                                                             # If not looking up
+      ? true                                                                               # true
+      : can(regex(var.lookup_value_regex, tostring(lookup(item, var.lookup_field, null)))) # Otherwise match regex
+    )
+  }
+}
+
+##############################################################################
diff --git a/dynamic_values/config_modules/list_to_map/variables.tf b/dynamic_values/config_modules/list_to_map/variables.tf
@@ -0,0 +1,34 @@
+##############################################################################
+# Variables
+##############################################################################
+
+variable "list" {
+  description = "List of objects"
+  type        = list(any)
+}
+
+variable "prefix" {
+  description = "Prefix to add to map keys"
+  type        = string
+  default     = ""
+}
+
+variable "key_name_field" {
+  description = "Key inside each object to use as the map key"
+  type        = string
+  default     = "name"
+}
+
+variable "lookup_field" {
+  description = "Name of the field to find with lookup"
+  type        = string
+  default     = null
+}
+
+variable "lookup_value_regex" {
+  description = "regular expression for reurned value"
+  type        = string
+  default     = null
+}
+
+##############################################################################
diff --git a/dynamic_values/config_modules/list_to_map/version.tf b/dynamic_values/config_modules/list_to_map/version.tf
@@ -0,0 +1,10 @@
+##############################################################################
+# Terraform Providers
+##############################################################################
+
+terraform {
+  required_version = ">=1.0.0"
+  experiments      = [module_variable_optional_attrs]
+}
+
+##############################################################################
diff --git a/examples/default/main.tf b/examples/default/main.tf
@@ -22,6 +22,7 @@ module "slz_vpc" {
   source            = "../../"
   resource_group_id = var.resource_group != null ? data.ibm_resource_group.existing_resource_group[0].id : ibm_resource_group.resource_group[0].id
   region            = var.region
+  name              = var.name
   prefix            = var.prefix
   tags              = var.resource_tags
 }
diff --git a/examples/default/variables.tf b/examples/default/variables.tf
@@ -13,7 +13,13 @@ variable "region" {
 variable "prefix" {
   description = "The prefix that you would like to append to your resources"
   type        = string
-  default     = "test-landing-zone-vpc"
+  default     = "test-landing-zone"
+}
+
+variable "name" {
+  description = "The name of the vpc"
+  type        = string
+  default     = "vpc"
 }
 
 variable "resource_group" {

diff --git a/main.tf b/main.tf
@@ -3,7 +3,7 @@
 ##############################################################################
 
 resource "ibm_is_vpc" "vpc" {
-  name                        = var.vpc_name != null ? "${var.prefix}-${var.vpc_name}" : "${var.prefix}-vpc"
+  name                        = var.prefix != null ? "${var.prefix}-${var.name}-vpc" : "${var.name}-vpc"
   resource_group              = var.resource_group_id
   classic_access              = var.classic_access
   address_prefix_management   = var.use_manual_address_prefixes == false ? null : "manual"
@@ -53,7 +53,7 @@ locals {
 
 resource "ibm_is_vpc_route" "route" {
   for_each    = local.routes_map
-  name        = "${var.prefix}-route-${each.value.name}"
+  name        = "${var.prefix}-${var.name}-route-${each.value.name}"
   vpc         = ibm_is_vpc.vpc.id
   zone        = each.value.zone
   destination = each.value.destination
@@ -77,7 +77,7 @@ locals {
 
 resource "ibm_is_public_gateway" "gateway" {
   for_each       = local.gateway_object
-  name           = "${var.prefix}-public-gateway-${each.key}"
+  name           = "${var.prefix}-${var.name}-public-gateway-${each.key}"
   vpc            = ibm_is_vpc.vpc.id
   resource_group = var.resource_group_id
   zone           = each.value

diff --git a/network_acls.tf b/network_acls.tf
@@ -119,7 +119,7 @@ locals {
 
 resource "ibm_is_network_acl" "network_acl" {
   for_each       = local.acl_object
-  name           = "${var.prefix}-${each.key}"
+  name           = "${var.prefix}-${each.key}" #already has name of vpc in each.key
   vpc            = ibm_is_vpc.vpc.id
   resource_group = var.resource_group_id
 

diff --git a/outputs.tf b/outputs.tf
@@ -2,6 +2,11 @@
 # VPC GUID
 ##############################################################################
 
+output "vpc_name" {
+  description = "Name of VPC created"
+  value       = ibm_is_vpc.vpc.name
+}
+
 output "vpc_id" {
   description = "ID of VPC created"
   value       = ibm_is_vpc.vpc.id

diff --git a/variables.tf b/variables.tf
@@ -2,6 +2,11 @@
 # Module Level Variables
 ##############################################################################
 
+variable "name" {
+  description = "Name for VPC"
+  type        = string
+}
+
 variable "resource_group_id" {
   description = "The resource group ID where the VPC to be created"
   type        = string
@@ -23,7 +28,6 @@ variable "tags" {
   default     = null
 }
 
-
 ##############################################################################
 
 ##############################################################################
@@ -36,12 +40,6 @@ variable "network_cidr" {
   default     = "10.0.0.0/8"
 }
 
-variable "vpc_name" {
-  description = "Name for vpc. If left null, one will be generated using the prefix for this module."
-  type        = string
-  default     = null
-}
-
 variable "classic_access" {
   description = "OPTIONAL - Classic Access to the VPC"
   type        = bool