Fixed the reference to the cidr block variable.

kcantrel · kcantrel · commit 8aeb80f19a73 · 2024-07-02T12:51:02.000-05:00
diff --git a/Terraform/deploy-fsx-ontap/module/main.tf b/Terraform/deploy-fsx-ontap/module/main.tf
@@ -29,11 +29,17 @@ resource "aws_fsx_ontap_file_system" "terraform-fsxn" {
   fsx_admin_password                = data.aws_secretsmanager_secret_version.fsx_password.secret_string
   route_table_ids                   = var.route_table_ids
   tags                              = var.tags
-  disk_iops_configuration           = var.disk_iops_configuration
+  dynamic "disk_iops_configuration" {
+    for_each = var.disk_iops_configuration != null ? [var.disk_iops_configuration] : []
+    content {
+      iops = disk_iops_configuration.value["iops"]
+      mode = disk_iops_configuration.value["mode"]
+    }
+  }
 
   lifecycle {
     precondition {
-      condition = !var.create_sg || (var.cidr_block != "" && var.source_security_group_id == "" || var.cidr_block == "" && var.source_security_group_id != "")
+      condition = !var.create_sg || (var.cidr_for_sg != "" && var.source_security_group_id == "" || var.cidr_for_sg == "" && var.source_security_group_id != "")
       error_message = "You must specify EITHER cidr_block OR source_security_group_id when creating a security group, not both."
     }
     precondition {
diff --git a/Terraform/deploy-fsx-ontap/module/security_groups.tf b/Terraform/deploy-fsx-ontap/module/security_groups.tf
@@ -10,7 +10,7 @@
  *   the "security_group_id" to the security group you want to use. Both of these variables
  *   can be found in the variables.tf file.
  *
- * - If you wish to use the created Security Group, just be sure to set the cidr_block OR
+ * - If you wish to use the created Security Group, just be sure to set the cidr_for_sg OR
  *   source_security_group_id varaibles in the variables.tf file. Do not set both or the
  *   creation of the security group will fail.
  */
@@ -33,7 +33,7 @@ resource "aws_vpc_security_group_ingress_rule" "all_icmp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote procedure call for NFS"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 111
   to_port           = 111
@@ -43,7 +43,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote procedure call for NFS"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 111
   to_port           = 111
@@ -53,7 +53,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_udp" {
 resource "aws_vpc_security_group_ingress_rule" "cifs" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NetBIOS service session for CIFS"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 139
   to_port           = 139
@@ -63,7 +63,7 @@ resource "aws_vpc_security_group_ingress_rule" "cifs" {
 resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Simple network management protocol for log collection"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 161
   to_port           = 162
@@ -73,7 +73,7 @@ resource "aws_vpc_security_group_ingress_rule" "snmp_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Simple network management protocol for log collection"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 161
   to_port           = 162
@@ -83,7 +83,7 @@ resource "aws_vpc_security_group_ingress_rule" "snmp_udp" {
 resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Microsoft SMB/CIFS over TCP with NetBIOS framing"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 445
   to_port           = 445
@@ -93,7 +93,7 @@ resource "aws_vpc_security_group_ingress_rule" "smb_cifs" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS mount"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 635
   to_port           = 635
@@ -103,7 +103,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_mount_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "kerberos" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Kerberos authentication"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 749
   to_port           = 749
@@ -113,7 +113,7 @@ resource "aws_vpc_security_group_ingress_rule" "kerberos" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS server daemon"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 2049
   to_port           = 2049
@@ -123,7 +123,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS server daemon"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 2049
   to_port           = 2049
@@ -133,7 +133,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_server_daemon_udp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS lock daemon"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 4045
   to_port           = 4045
@@ -143,7 +143,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS lock daemon"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 4045
   to_port           = 4045
@@ -153,7 +153,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_lock_daemon_udp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Status monitor for NFS"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 4046
   to_port           = 4046
@@ -163,7 +163,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Status monitor for NFS"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 4046
   to_port           = 4046
@@ -173,7 +173,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_status_monitor_udp" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_rquotad" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Remote quota server for NFS"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 4049
   to_port           = 4049
@@ -183,7 +183,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_rquotad" {
 resource "aws_vpc_security_group_ingress_rule" "iscsi_tcp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "iSCSI"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 3260
   to_port           = 3260
@@ -193,7 +193,7 @@ resource "aws_vpc_security_group_ingress_rule" "iscsi_tcp" {
 resource "aws_vpc_security_group_ingress_rule" "Snapmirror_Intercluster_communication" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Snapmirror Intercluster communication"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 11104
   to_port           = 11104
@@ -203,7 +203,7 @@ resource "aws_vpc_security_group_ingress_rule" "Snapmirror_Intercluster_communic
 resource "aws_vpc_security_group_ingress_rule" "Snapmirror_data_transfer" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Snapmirror data transfer"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 11105
   to_port           = 11105
@@ -213,7 +213,7 @@ resource "aws_vpc_security_group_ingress_rule" "Snapmirror_data_transfer" {
 resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "NFS mount"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 635
   to_port           = 635
@@ -223,7 +223,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs_mount_udp" {
 resource "aws_vpc_security_group_ingress_rule" "ssh" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "ssh"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 22
   to_port           = 22
@@ -233,7 +233,7 @@ resource "aws_vpc_security_group_ingress_rule" "ssh" {
 resource "aws_vpc_security_group_ingress_rule" "s3_and_api" {
   security_group_id = aws_security_group.fsx_sg.id
   description       = "Provice acccess to S3 and the ONTAP REST API"
-  cidr_ipv4         = (var.cidr_block != "" ? var.cidr_block : null)
+  cidr_ipv4         = (var.cidr_for_sg != "" ? var.cidr_for_sg : null)
   referenced_security_group_id = (var.source_security_group_id != "" ? var.source_security_group_id : null)
   from_port         = 443
   to_port           = 443
