feat: Allow existing subnets to be attached to public gateways.<br>* input variable existing_subnet_ids renamed to existing_subnets<br>* type of input changed from list(string) to list(object)<br>* existing subnet object contains ID of subnet and boolean for public gateway attachment (#709)

toddgiguere · web-flow · commit 3dc79b8d11cf · 2024-01-04T20:45:13.000Z
diff --git a/README.md b/README.md
@@ -119,6 +119,7 @@ To attach access management tags to resources in this module, you need the follo
 | [ibm_is_public_gateway.gateway](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_public_gateway) | resource |
 | [ibm_is_security_group_rule.default_vpc_rule](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_security_group_rule) | resource |
 | [ibm_is_subnet.subnet](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_subnet) | resource |
+| [ibm_is_subnet_public_gateway_attachment.exist_subnet_gw](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_subnet_public_gateway_attachment) | resource |
 | [ibm_is_vpc.vpc](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpc) | resource |
 | [ibm_is_vpc_address_prefix.address_prefixes](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpc_address_prefix) | resource |
 | [ibm_is_vpc_address_prefix.subnet_prefix](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpc_address_prefix) | resource |
@@ -158,7 +159,7 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_existing_cos_instance_guid"></a> [existing\_cos\_instance\_guid](#input\_existing\_cos\_instance\_guid) | GUID of the COS instance to create Flow log collector | `string` | `null` | no |
 | <a name="input_existing_dns_instance_id"></a> [existing\_dns\_instance\_id](#input\_existing\_dns\_instance\_id) | Id of an existing dns instance in which the custom resolver is created. Only relevant if enable\_hub is set to true. | `string` | `null` | no |
 | <a name="input_existing_storage_bucket_name"></a> [existing\_storage\_bucket\_name](#input\_existing\_storage\_bucket\_name) | Name of the COS bucket to collect VPC flow logs | `string` | `null` | no |
-| <a name="input_existing_subnet_ids"></a> [existing\_subnet\_ids](#input\_existing\_subnet\_ids) | The IDs of the existing subnets. Required if 'create\_subnets' is false. | `list(string)` | `null` | no |
+| <a name="input_existing_subnets"></a> [existing\_subnets](#input\_existing\_subnets) | The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | <pre>list(object({<br>    id             = string<br>    public_gateway = optional(bool, false)<br>  }))</pre> | `[]` | no |
 | <a name="input_existing_vpc_id"></a> [existing\_vpc\_id](#input\_existing\_vpc\_id) | The ID of the existing vpc. Required if 'create\_vpc' is false. | `string` | `null` | no |
 | <a name="input_hub_vpc_crn"></a> [hub\_vpc\_crn](#input\_hub\_vpc\_crn) | Indicates the crn of the hub VPC for DNS resolution. See https://cloud.ibm.com/docs/vpc?topic=vpc-hub-spoke-model. Mutually exclusive with hub\_vpc\_id. | `string` | `null` | no |
 | <a name="input_hub_vpc_id"></a> [hub\_vpc\_id](#input\_hub\_vpc\_id) | Indicates the id of the hub VPC for DNS resolution. See https://cloud.ibm.com/docs/vpc?topic=vpc-hub-spoke-model. Mutually exclusive with hub\_vpc\_crn. | `string` | `null` | no |
diff --git a/examples/existing_vpc/main.tf b/examples/existing_vpc/main.tf
@@ -18,5 +18,5 @@ module "slz_vpc" {
   create_subnets      = false
   name                = var.name
   public_gateway_name = var.public_gateway_name
-  existing_subnet_ids = var.subnet_ids
+  existing_subnets    = [for id in var.subnet_ids : { "id" : id, "public_gateway" : false }]
 }
diff --git a/main.tf b/main.tf
@@ -10,8 +10,7 @@ locals {
   validate_existing_vpc_id = !var.create_vpc && var.existing_vpc_id == null ? tobool("If var.create_vpc is false, then provide a value for var.existing_vpc_id to create vpc.") : true
 
   # tflint-ignore: terraform_unused_declarations
-  validate_existing_subnet_id = !var.create_subnets && var.existing_subnet_ids == null ? tobool("If var.create_subnet is false, then provide a value for var.existing_subnet_ids to create subnets.") : true
-
+  validate_existing_subnet_id = !var.create_subnets && length(var.existing_subnets) == 0 ? tobool("If var.create_subnet is false, then provide a value for var.existing_subnets to create subnets.") : true
   # tflint-ignore: terraform_unused_declarations
   validate_existing_vpc_and_subnet = var.create_vpc == true && var.create_subnets == false ? tobool("If user is not providing a vpc then they should also not be providing a subnet") : true
 
diff --git a/subnet.tf b/subnet.tf
@@ -46,7 +46,17 @@ resource "ibm_is_subnet" "subnet" {
 }
 
 data "ibm_is_subnet" "subnet" {
-  count      = var.create_subnets == false ? length(var.existing_subnet_ids) : 0
-  identifier = var.existing_subnet_ids[count.index]
+  for_each   = var.create_subnets == false ? { for subnet in var.existing_subnets : subnet.id => subnet } : {}
+  identifier = each.key
 }
+
+# if using existing subnets, attach public gateways as configured
+resource "ibm_is_subnet_public_gateway_attachment" "exist_subnet_gw" {
+  # only choose subnets marked for gateways
+  for_each = var.create_subnets == false ? { for subnet in var.existing_subnets : subnet.id => subnet if subnet.public_gateway } : {}
+  subnet   = each.key
+  # find gateway detail using format of 'zone-#', determine '#' by getting last character of the 'zone' value of an existing subnet
+  public_gateway = ibm_is_public_gateway.gateway["zone-${substr(data.ibm_is_subnet.subnet[each.key].zone, length(data.ibm_is_subnet.subnet[each.key].zone) - 1, 1)}"].id
+}
+
 ##############################################################################
diff --git a/variables.tf b/variables.tf
@@ -382,10 +382,14 @@ variable "create_subnets" {
   default     = true
 }
 
-variable "existing_subnet_ids" {
-  description = "The IDs of the existing subnets. Required if 'create_subnets' is false."
-  type        = list(string)
-  default     = null
+variable "existing_subnets" {
+  description = "The detail of the existing subnets and required mappings to other resources. Required if 'create_subnets' is false."
+  type = list(object({
+    id             = string
+    public_gateway = optional(bool, false)
+  }))
+  default  = []
+  nullable = false
 }
 
 ##############################################################################

Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,5 @@ module "slz_vpc" {`
`18`	`18`	`create_subnets = false`
`19`	`19`	`name = var.name`
`20`	`20`	`public_gateway_name = var.public_gateway_name`
`21`		`- existing_subnet_ids = var.subnet_ids`
	`21`	`+ existing_subnets = [for id in var.subnet_ids : { "id" : id, "public_gateway" : false }]`
`22`	`22`	`}`