From 21166c19e6a8d378098eb0d8c866c9718887750d Mon Sep 17 00:00:00 2001
From: Adam Geiger
Date: Wed, 13 Jul 2022 09:11:38 -0400
Subject: [PATCH] feat: additional functionality added along with fix of double ACL for rule names (#33)

BREAKING CHANGE: `vpc_name` variable is now called `name`
---
 README.md | 3 +-
 dynamic_values.tf | 2 +-
 dynamic_values/address_prefixes.tf | 32 +++++++++++++++++
 .../config_modules/list_to_map/main.tf | 0
 .../config_modules/list_to_map/outputs.tf | 18 ++++++++++
 .../config_modules/list_to_map/variables.tf | 34 +++++++++++++++++++
 .../config_modules/list_to_map/version.tf | 10 ++++++
 examples/default/main.tf | 1 +
 examples/default/variables.tf | 8 ++++-
 main.tf | 6 ++--
 network_acls.tf | 2 +-
 outputs.tf | 5 +++
 variables.tf | 12 +++---
 13 files changed, 119 insertions(+), 14 deletions(-)
 create mode 100644 dynamic_values/address_prefixes.tf
 create mode 100644 dynamic_values/config_modules/list_to_map/main.tf
 create mode 100644 dynamic_values/config_modules/list_to_map/outputs.tf
 create mode 100644 dynamic_values/config_modules/list_to_map/variables.tf
 create mode 100644 dynamic_values/config_modules/list_to_map/version.tf

diff --git a/README.md b/README.md
index 7ec6594c..d44da106 100644
--- a/README.md
+++ b/README.md
@@ -162,6 +162,7 @@ You need the following permissions to run this module.
 | [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | OPTIONAL - Name of the Default ACL. If null, a name will be automatically generated | `string` | `null` | no |
 | [default\_routing\_table\_name](#input\_default\_routing\_table\_name) | OPTIONAL - Name of the Default Routing Table. If null, a name will be automatically generated | `string` | `null` | no |
 | [default\_security\_group\_name](#input\_default\_security\_group\_name) | OPTIONAL - Name of the Default Security Group. If null, a name will be automatically generated | `string` | `null` | no |
+| [name](#input\_name) | Name for VPC | `string` | n/a | yes |
 | [network\_acls](#input\_network\_acls) | List of ACLs to create. Rules can be automatically created to allow inbound and outbound traffic from a VPC tier by adding the name of that tier to the `network_connections` list. Rules automatically generated by these network connections will be added at the beginning of a list, and will be web-tierlied to traffic first. At least one rule must be provided for each ACL. |
list(
object({
name = string
network_connections = optional(list(string))
add_cluster_rules = optional(bool)
rules = list(
object({
name = string
action = string
destination = string
direction = string
source = string
tcp = optional(
object({
port_max = optional(number)
port_min = optional(number)
source_port_max = optional(number)
source_port_min = optional(number)
})
)
udp = optional(
object({
port_max = optional(number)
port_min = optional(number)
source_port_max = optional(number)
source_port_min = optional(number)
})
)
icmp = optional(
object({
type = optional(number)
code = optional(number)
})
)
})
)
})
)
|
[
{
"add_cluster_rules": true,
"name": "vpc-acl",
"rules": [
{
"action": "allow",
"destination": "0.0.0.0/0",
"direction": "inbound",
"name": "allow-all-inbound",
"source": "0.0.0.0/0"
},
{
"action": "allow",
"destination": "0.0.0.0/0",
"direction": "outbound",
"name": "allow-all-outbound",
"source": "0.0.0.0/0"
}
]
}
]
| no |
 | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no |
 | [prefix](#input\_prefix) | The prefix that you would like to append to your resources | `string` | n/a | yes |
@@ -173,7 +174,6 @@ You need the following permissions to run this module.
 | [tags](#input\_tags) | List of Tags for the resource created | `list(string)` | `null` | no |
 | [use\_manual\_address\_prefixes](#input\_use\_manual\_address\_prefixes) | OPTIONAL - Use manual address prefixes for VPC | `bool` | `false` | no |
 | [use\_public\_gateways](#input\_use\_public\_gateways) | Create a public gateway in any of the three zones with `true`. |
object({
zone-1 = optional(bool)
zone-2 = optional(bool)
zone-3 = optional(bool)
})
|
{
"zone-1": true,
"zone-2": false,
"zone-3": false
}
| no |
-| [vpc\_name](#input\_vpc\_name) | Name for vpc. If left null, one will be generated using the prefix for this module. | `string` | `null` | no |
 ## Outputs
@@ -184,6 +184,7 @@ You need the following permissions to run this module.
 | [subnet\_zone\_list](#output\_subnet\_zone\_list) | A list containing subnet IDs and subnet zones |
 | [vpc\_crn](#output\_vpc\_crn) | CRN of VPC created |
 | [vpc\_id](#output\_vpc\_id) | ID of VPC created |
+| [vpc\_name](#output\_vpc\_name) | Name of VPC created |
 ## Contributing
diff --git a/dynamic_values.tf b/dynamic_values.tf
index fc6b89a3..5e54f6e0 100644
--- a/dynamic_values.tf
+++ b/dynamic_values.tf
@@ -4,7 +4,7 @@ module "dynamic_values" { source = "./dynamic_values"
- prefix = var.prefix
+ prefix = "${var.prefix}-${var.name}"
 region = var.region
 address_prefixes = var.address_prefixes
 routes = var.routes
diff --git a/dynamic_values/address_prefixes.tf b/dynamic_values/address_prefixes.tf
new file mode 100644
index 00000000..5cda027b
--- /dev/null
+++ b/dynamic_values/address_prefixes.tf
@@ -0,0 +1,32 @@
+##############################################################################
+# Address Prefixes
+##############################################################################
+
+module "prefix_map" {
+ source = "./config_modules/list_to_map"
+ key_name_field = "zone_name"
+ list = [
+ for zone in ["zone-1", "zone-2", "zone-3"] :
+ {
+ zone_name = zone
+ addresses = [
+ for address in(lookup(var.address_prefixes, zone, null) == null ? [] : var.address_prefixes[zone]) :
+ {
+ name = "${var.prefix}-${zone}-${index(var.address_prefixes[zone], address) + 1}"
+ cidr = address
+ zone = "${var.region}-${index(keys(var.address_prefixes), zone) + 1}"
+ }
+ ]
+ }
+ ]
+}
+
+module "address_prefixes" {
+ source = "./config_modules/list_to_map"
+ list = flatten([
+ for zone in ["zone-1", "zone-2", "zone-3"] :
+ module.prefix_map.value[zone].addresses
+ ])
+}
+
+##############################################################################
diff --git a/dynamic_values/config_modules/list_to_map/main.tf b/dynamic_values/config_modules/list_to_map/main.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/dynamic_values/config_modules/list_to_map/outputs.tf b/dynamic_values/config_modules/list_to_map/outputs.tf
new file mode 100644
index 00000000..6b950509
--- /dev/null
+++ b/dynamic_values/config_modules/list_to_map/outputs.tf
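Review bot: In `module "prefix_map"`, `zone = "${var.region}-${index(keys(var.address_prefixes), zone) + 1}"` derives the zone number from the position of the key inside `var.address_prefixes`, not from the `zone-N` label being iterated; that only yields `<region>-2` for `zone-2` when all three keys are always present, which depends on the variable's declared type, outside this hunk. If the type is a plain map or keys can be omitted, an input carrying only `zone-2` and `zone-3` would land them in `<region>-1` and `<region>-2`. Taking the number from the fixed label list instead, `zone = "${var.region}-${index(["zone-1", "zone-2", "zone-3"], zone) + 1}"`, does not depend on which keys the caller supplied. Separately, `name` is built from `index(var.address_prefixes[zone], address)`, which returns the first match, so a CIDR repeated within one zone produces duplicate names that the second `list_to_map` call (keyed on `name`) then rejects with Terraform's generic duplicate-key error; a comment stating that prefixes within a zone must be distinct would point the user at the cause.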
@@ -0,0 +1,18 @@
+##############################################################################
+# Output
+##############################################################################
+
+output "value" {
+ description = "List converted into map"
+ value = {
+ for item in var.list :
+ ("${var.prefix == "" ? "" : "${var.prefix}-"}${item[var.key_name_field]}") =>
+ item if(
+ var.lookup_field == null # If not looking up
+ ? true # true
+ : can(regex(var.lookup_value_regex, tostring(lookup(item, var.lookup_field, null)))) # Otherwise match regex
+ )
+ }
+}
+
+##############################################################################
diff --git a/dynamic_values/config_modules/list_to_map/variables.tf b/dynamic_values/config_modules/list_to_map/variables.tf
new file mode 100644
index 00000000..5df463ec
--- /dev/null
+++ b/dynamic_values/config_modules/list_to_map/variables.tf
@@ -0,0 +1,34 @@
+##############################################################################
+# Variables
+##############################################################################
+
+variable "list" {
+ description = "List of objects"
+ type = list(any)
+}
+
+variable "prefix" {
+ description = "Prefix to add to map keys"
+ type = string
+ default = ""
+}
+
+variable "key_name_field" {
+ description = "Key inside each object to use as the map key"
+ type = string
+ default = "name"
+}
+
+variable "lookup_field" {
+ description = "Name of the field to find with lookup"
+ type = string
+ default = null
+}
+
+variable "lookup_value_regex" {
+ description = "regular expression for reurned value"
+ type = string
+ default = null
+}
+
+##############################################################################
diff --git a/dynamic_values/config_modules/list_to_map/version.tf b/dynamic_values/config_modules/list_to_map/version.tf
new file mode 100644
index 00000000..2e29186a
--- /dev/null
+++ b/dynamic_values/config_modules/list_to_map/version.tf
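Review bot: The `description` on `output "value"` says only "List converted into map" and states neither how keys are formed nor what the `if` filter does, which is the entire contract of this helper; `description = "var.list keyed by item[var.key_name_field] (prefixed with var.prefix when set); when var.lookup_field is set, only items whose field matches var.lookup_value_regex are kept. Keys must be distinct."` would spare readers reconstructing the expression. The `# true` comment on the `? true` line repeats the code and can go, and `if(` without a space is unusual for HCL and worth a `terraform fmt` pass. Note also that `can(regex(var.lookup_value_regex, …))` wraps the regex call, so if `lookup_value_regex` is left at its null default while `lookup_field` is set, the error `regex` raises is masked and every item is filtered out, producing an empty map instead of a diagnostic.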
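Review bot: `description = "regular expression for reurned value"` on `lookup_value_regex` has a typo and does not say that the value is only consulted when `lookup_field` is set, which is how outputs.tf in this patch uses it; `description = "Regular expression the lookup_field value must match for an item to be kept; required whenever lookup_field is set"` states both. `list` is typed `list(any)`, so nothing checks that each item carries `key_name_field`; that omission surfaces as an attribute-lookup error inside the output expression, and a sentence in the `list` description naming the requirement (`"List of objects; each must contain the field named by key_name_field"`) would make it discoverable at the call site.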
@@ -0,0 +1,10 @@
+##############################################################################
+# Terraform Providers
+##############################################################################
+
+terraform {
+ required_version = ">=1.0.0"
+ experiments = [module_variable_optional_attrs]
+}
+
+##############################################################################
diff --git a/examples/default/main.tf b/examples/default/main.tf
index 1269e59c..2acea38a 100644
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -22,6 +22,7 @@ module "slz_vpc" {
 source = "../../"
 resource_group_id = var.resource_group != null ? data.ibm_resource_group.existing_resource_group[0].id : ibm_resource_group.resource_group[0].id
 region = var.region
+ name = var.name
 prefix = var.prefix
 tags = var.resource_tags
 }
diff --git a/examples/default/variables.tf b/examples/default/variables.tf
index 1408872c..8d41a210 100644
--- a/examples/default/variables.tf
+++ b/examples/default/variables.tf
@@ -13,7 +13,13 @@ variable "region" {
 variable "prefix" {
 description = "The prefix that you would like to append to your resources"
 type = string
- default = "test-landing-zone-vpc"
+ default = "test-landing-zone"
+}
+
+variable "name" {
+ description = "The name of the vpc"
+ type = string
+ default = "vpc"
 }
 variable "resource_group" {
diff --git a/main.tf b/main.tf
index c30eaaf6..97077309 100644
--- a/main.tf
+++ b/main.tf
@@ -3,7 +3,7 @@
 ##############################################################################
 resource "ibm_is_vpc" "vpc" {
- name = var.vpc_name != null ? "${var.prefix}-${var.vpc_name}" : "${var.prefix}-vpc"
+ name = var.prefix != null ? "${var.prefix}-${var.name}-vpc" : "${var.name}-vpc"
 resource_group = var.resource_group_id
 classic_access = var.classic_access
 address_prefix_management = var.use_manual_address_prefixes == false ? null : "manual"
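Review bot: `experiments = [module_variable_optional_attrs]` is enabled, but none of the variables in this module's variables.tf (same patch) uses `optional()`, so the experiment adds nothing here while `required_version = ">=1.0.0"` sets no upper bound; Terraform 1.3 made optional attributes generally available and rejects configurations that still name this experiment, so as written the module stops loading on those releases. Dropping the `experiments` line is the simplest fix; if optional attributes are planned for this module later, pin `required_version` to the releases that still ship the experiment instead of an open-ended `>=`.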
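Review bot: The new `var.prefix != null ?` guard on the VPC name is inconsistent with the rest of the patch: dynamic_values.tf (`prefix = "${var.prefix}-${var.name}"`), the route and public-gateway names in main.tf and the ACL name in network_acls.tf all interpolate `var.prefix` unconditionally, and Terraform rejects a null inside a string template, so a null prefix would fail on those resources before this fallback is ever reached. The README in this patch lists `prefix` as required (`n/a | yes`), in which case the guard is dead code and `name = "${var.prefix}-${var.name}-vpc"` says what actually happens; if a null prefix is meant to be supported, the same guard has to appear everywhere a name is composed so the VPC and its children share one naming scheme. The resulting VPC is named `<prefix>-<name>-vpc`, while `variable "name"` (variables.tf in this patch) is described only as "Name for VPC"; `description = "Name for VPC; the resource is created as <prefix>-<name>-vpc"` would make the suffix visible to callers. The `ibm_is_vpc` resource block continues past the end of the hunk.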
@@ -53,7 +53,7 @@ locals {
 resource "ibm_is_vpc_route" "route" {
 for_each = local.routes_map
- name = "${var.prefix}-route-${each.value.name}"
+ name = "${var.prefix}-${var.name}-route-${each.value.name}"
 vpc = ibm_is_vpc.vpc.id
 zone = each.value.zone
 destination = each.value.destination
@@ -77,7 +77,7 @@ locals {
 resource "ibm_is_public_gateway" "gateway" {
 for_each = local.gateway_object
- name = "${var.prefix}-public-gateway-${each.key}"
+ name = "${var.prefix}-${var.name}-public-gateway-${each.key}"
 vpc = ibm_is_vpc.vpc.id
 resource_group = var.resource_group_id
 zone = each.value
diff --git a/network_acls.tf b/network_acls.tf
index 8176b676..5dfdd517 100644
--- a/network_acls.tf
+++ b/network_acls.tf
@@ -119,7 +119,7 @@ locals {
 resource "ibm_is_network_acl" "network_acl" {
 for_each = local.acl_object
- name = "${var.prefix}-${each.key}"
+ name = "${var.prefix}-${each.key}" #already has name of vpc in each.key
 vpc = ibm_is_vpc.vpc.id
 resource_group = var.resource_group_id
diff --git a/outputs.tf b/outputs.tf
index 01795089..6bc1ca44 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -2,6 +2,11 @@
 # VPC GUID
 ##############################################################################
+output "vpc_name" {
+ description = "Name of VPC created"
+ value = ibm_is_vpc.vpc.name
+}
+
 output "vpc_id" {
 description = "ID of VPC created"
 value = ibm_is_vpc.vpc.id
diff --git a/variables.tf b/variables.tf
index 10393d2d..114285f8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -2,6 +2,11 @@
 # Module Level Variables
 ##############################################################################
+variable "name" {
+ description = "Name for VPC"
+ type = string
+}
+
 variable "resource_group_id" {
 description = "The resource group ID where the VPC to be created"
 type = string
@@ -23,7 +28,6 @@ variable "tags" {
 default = null
 }
-
 ##############################################################################
 ##############################################################################
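Review bot: The trailing `#already has name of vpc in each.key` explains why this resource, unlike the route and gateway names changed alongside it in main.tf, does not interpolate `var.name`; the justification depends on how `local.acl_object` builds its keys, which is outside this hunk, so a reader of the resource block cannot check it. Writing it as `# each.key already includes var.name (see local.acl_object)` makes the cross-reference explicit and matches the `# ` comment style used elsewhere in the patch; the same sentence placed where the key is composed would let the two stay in step if the key format changes. The resource block continues past the end of the hunk.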
@@ -36,12 +40,6 @@ variable "network_cidr" {
 default = "10.0.0.0/8"
 }
-variable "vpc_name" {
- description = "Name for vpc. If left null, one will be generated using the prefix for this module."
- type = string
- default = null
-}
-
 variable "classic_access" {
 description = "OPTIONAL - Classic Access to the VPC"
 type = bool