Commit 134ca52

feat: allow existing subnet public gateway attachment (#674)
Allow existing subnets to be attached to public gateways.

* input variable vpcs.existing_subnet_ids renamed to vpcs.existing_subnets
* type of input changed from list(string) to list(object)
* existing subnet object contains ID of subnet and boolean for public gateway attachment

NOTE: this feature is only available via direct landing zone module call or by using an override option for the vpcs input.
1 parent 93f668c commit 134ca52

3 files changed

+16
-9
lines changed

README.md

Lines changed: 2 additions & 2 deletions
@@ -855,7 +855,7 @@ module "cluster_pattern" {
855855
| <a name="module_placement_group_map"></a> [placement\_group\_map](#module\_placement\_group\_map) | ./dynamic_values/config_modules/list_to_map | n/a |
856856
| <a name="module_ssh_keys"></a> [ssh\_keys](#module\_ssh\_keys) | ./ssh_key | n/a |
857857
| <a name="module_teleport_config"></a> [teleport\_config](#module\_teleport\_config) | ./teleport_config | n/a |
858-
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-ibm-modules/landing-zone-vpc/ibm | 7.13.3 |
858+
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-ibm-modules/landing-zone-vpc/ibm | 7.15.0 |
859859
| <a name="module_vsi"></a> [vsi](#module\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 3.1.0 |
860860

861861
### Resources
@@ -923,7 +923,7 @@ module "cluster_pattern" {
923923
| <a name="input_transit_gateway_resource_group"></a> [transit\_gateway\_resource\_group](#input\_transit\_gateway\_resource\_group) | Name of resource group to use for transit gateway. Must be included in `var.resource_group` | `string` | n/a | yes |
924924
| <a name="input_virtual_private_endpoints"></a> [virtual\_private\_endpoints](#input\_virtual\_private\_endpoints) | Object describing VPE to be created | <pre>list(<br> object({<br> service_name = string<br> service_type = string<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> vpcs = list(<br> object({<br> name = string<br> subnets = list(string)<br> security_group_name = optional(string)<br> })<br> )<br> })<br> )</pre> | n/a | yes |
925925
| <a name="input_vpc_placement_groups"></a> [vpc\_placement\_groups](#input\_vpc\_placement\_groups) | List of VPC placement groups to create | <pre>list(<br> object({<br> access_tags = optional(list(string), [])<br> name = string<br> resource_group = optional(string)<br> strategy = string<br> })<br> )</pre> | `[]` | no |
926-
| <a name="input_vpcs"></a> [vpcs](#input\_vpcs) | A map describing VPCs to be created in this repo. | <pre>list(<br> object({<br> prefix = string # VPC prefix<br> existing_vpc_id = optional(string)<br> existing_subnet_ids = optional(list(string))<br> resource_group = optional(string) # Name of the group where VPC will be created<br> access_tags = optional(list(string), [])<br> classic_access = optional(bool)<br> default_network_acl_name = optional(string)<br> default_security_group_name = optional(string)<br> clean_default_sg_acl = optional(bool, false)<br> default_security_group_rules = optional(<br> list(<br> object({<br> name = string<br> direction = string<br> remote = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )<br> )<br> default_routing_table_name = optional(string)<br> flow_logs_bucket_name = optional(string)<br> address_prefixes = optional(<br> object({<br> zone-1 = optional(list(string))<br> zone-2 = optional(list(string))<br> zone-3 = optional(list(string))<br> })<br> )<br> network_acls = list(<br> object({<br> name = string<br> add_ibm_cloud_internal_rules = optional(bool)<br> add_vpc_connectivity_rules = optional(bool)<br> prepend_ibm_rules = optional(bool)<br> rules = list(<br> object({<br> name = string<br> action = string<br> destination = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> 
)<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )<br> })<br> )<br> use_public_gateways = object({<br> zone-1 = optional(bool)<br> zone-2 = optional(bool)<br> zone-3 = optional(bool)<br> })<br> subnets = optional(object({<br> zone-1 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> zone-2 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> zone-3 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> }))<br> })<br> )</pre> | n/a | yes |
926+
| <a name="input_vpcs"></a> [vpcs](#input\_vpcs) | A map describing VPCs to be created in this repo. | <pre>list(<br> object({<br> prefix = string # VPC prefix<br> existing_vpc_id = optional(string)<br> existing_subnets = optional(<br> list(<br> object({<br> id = string<br> public_gateway = optional(bool, false)<br> })<br> )<br> )<br> resource_group = optional(string) # Name of the group where VPC will be created<br> access_tags = optional(list(string), [])<br> classic_access = optional(bool)<br> default_network_acl_name = optional(string)<br> default_security_group_name = optional(string)<br> clean_default_sg_acl = optional(bool, false)<br> default_security_group_rules = optional(<br> list(<br> object({<br> name = string<br> direction = string<br> remote = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )<br> )<br> default_routing_table_name = optional(string)<br> flow_logs_bucket_name = optional(string)<br> address_prefixes = optional(<br> object({<br> zone-1 = optional(list(string))<br> zone-2 = optional(list(string))<br> zone-3 = optional(list(string))<br> })<br> )<br> network_acls = list(<br> object({<br> name = string<br> add_ibm_cloud_internal_rules = optional(bool)<br> add_vpc_connectivity_rules = optional(bool)<br> prepend_ibm_rules = optional(bool)<br> rules = list(<br> object({<br> name = string<br> action = string<br> destination = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> 
source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )<br> })<br> )<br> use_public_gateways = object({<br> zone-1 = optional(bool)<br> zone-2 = optional(bool)<br> zone-3 = optional(bool)<br> })<br> subnets = optional(object({<br> zone-1 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> zone-2 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> zone-3 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> }))<br> })<br> )</pre> | n/a | yes |
927927
| <a name="input_vpn_gateways"></a> [vpn\_gateways](#input\_vpn\_gateways) | List of VPN Gateways to create. | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> subnet_name = string # Do not include prefix, use same name as in `var.subnets`<br> mode = optional(string)<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> })<br> )</pre> | n/a | yes |
928928
| <a name="input_vsi"></a> [vsi](#input\_vsi) | A list describing VSI workloads to create | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> subnet_names = list(string)<br> ssh_keys = list(string)<br> image_name = string<br> machine_type = string<br> vsi_per_subnet = number<br> user_data = optional(string)<br> resource_group = optional(string)<br> enable_floating_ip = optional(bool)<br> security_groups = optional(list(string))<br> boot_volume_encryption_key_name = optional(string)<br> access_tags = optional(list(string), [])<br> security_group = optional(<br> object({<br> name = string<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = number<br> })<br> )<br> })<br> )<br> })<br> )<br> block_storage_volumes = optional(list(<br> object({<br> name = string<br> profile = string<br> capacity = optional(number)<br> iops = optional(number)<br> encryption_key = optional(string)<br> })<br> ))<br> load_balancers = optional(list(<br> object({<br> name = string<br> type = string<br> listener_port = number<br> listener_protocol = string<br> connection_limit = number<br> algorithm = string<br> protocol = string<br> health_delay = number<br> health_retries = number<br> health_timeout = number<br> health_type = string<br> pool_member_port = string<br> idle_connection_timeout = optional(number)<br> security_group = optional(<br> object({<br> name = string<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = 
number<br> })<br> )<br> })<br> )<br> })<br> )<br> })<br> ))<br> })<br> )</pre> | n/a | yes |
929929
| <a name="input_wait_till"></a> [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, and `IngressReady` | `string` | `"IngressReady"` | no |
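
Review bot: the `vpcs` row on new line 926 keeps the description "A map describing VPCs to be created in this repo." even though the type is `list(object)`, and nothing in the row explains the new `existing_subnets` field. Since `public_gateway = true` on an existing subnet gives that subnet an outbound path to the internet, the description should say what the flag does, that it defaults to `false`, and (per the commit message) that it is only reachable through a direct module call or the override option for `vpcs`. As this table looks generated, the fix belongs in the `description` of the variable in variables.tf.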

main.tf

Lines changed: 4 additions & 4 deletions
@@ -12,7 +12,7 @@ locals {
1212
# Due to existing implicit dependencies we do not think this will be an issue, including auth policies for activity tracker.
1313
module "vpc" {
1414
source = "terraform-ibm-modules/landing-zone-vpc/ibm"
15-
version = "7.13.3"
15+
version = "7.15.0"
1616
for_each = local.vpc_map
1717
name = each.value.prefix
1818
existing_vpc_id = each.value.existing_vpc_id
@@ -31,10 +31,10 @@ module "vpc" {
3131
address_prefixes = each.value.address_prefixes
3232
network_acls = each.value.network_acls
3333
use_public_gateways = each.value.use_public_gateways
34-
create_subnets = length(coalesce(each.value.existing_subnet_ids, [])) == 0 ? true : false
34+
create_subnets = length(coalesce(each.value.existing_subnets, [])) == 0 ? true : false
3535
# NOTE: for existing subnets scenario, current VPC module does not accept null for subnets map, so sending in a map with empty arrays instead
36-
subnets = length(coalesce(each.value.existing_subnet_ids, [])) == 0 ? each.value.subnets : { "zone-1" : [], "zone-2" : [], "zone-3" : [] }
37-
existing_subnet_ids = each.value.existing_subnet_ids
36+
subnets = length(coalesce(each.value.existing_subnets, [])) == 0 ? each.value.subnets : { "zone-1" : [], "zone-2" : [], "zone-3" : [] }
37+
existing_subnets = each.value.existing_subnets
3838
enable_vpc_flow_logs = (each.value.flow_logs_bucket_name != null) ? true : false
3939
create_authorization_policy_vpc_to_cos = false
4040
existing_storage_bucket_name = (each.value.flow_logs_bucket_name != null) ? ibm_cos_bucket.buckets[each.value.flow_logs_bucket_name].bucket_name : null
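
Review bot: new lines 34 and 36 repeat the same test, `length(coalesce(each.value.existing_subnets, [])) == 0`, and line 34 wraps it in a redundant `? true : false`. Computing it once as a local (or inside the `vpc_map` entries) and passing the boolean directly would keep the two arguments from drifting apart on the next rename. Separately, when `existing_subnets` is non-empty, line 36 replaces `each.value.subnets` with empty zone lists without any error, so a caller who sets both gets their `subnets` (and the `acl_name` and `public_gateway` settings in them) ignored silently; a validation or precondition that rejects the combination would make that visible.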

variables.tf

Lines changed: 10 additions & 3 deletions
@@ -63,9 +63,16 @@ variable "vpcs" {
6363
description = "A map describing VPCs to be created in this repo."
6464
type = list(
6565
object({
66-
prefix = string # VPC prefix
67-
existing_vpc_id = optional(string)
68-
existing_subnet_ids = optional(list(string))
66+
prefix = string # VPC prefix
67+
existing_vpc_id = optional(string)
68+
existing_subnets = optional(
69+
list(
70+
object({
71+
id = string
72+
public_gateway = optional(bool, false)
73+
})
74+
)
75+
)
6976
resource_group = optional(string) # Name of the group where VPC will be created
7077
access_tags = optional(list(string), [])
7178
classic_access = optional(bool)
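
Review bot: renaming `existing_subnet_ids` to `existing_subnets` on new line 68 fails silently for existing callers rather than loudly. Terraform's conversion to an object type discards attributes that are not in the type constraint, so a `vpcs` entry that still sets `existing_subnet_ids` is accepted, `existing_subnets` comes through as null, and the `create_subnets` expression in main.tf evaluates to `true`, meaning the module will try to create subnets in a VPC where the caller expected existing ones to be reused. The commit is titled `feat:` and not marked as breaking; it should be flagged as a breaking change with an upgrade note, and the new fields would benefit from inline comments like the `# VPC prefix` one already on line 66. The `optional(bool, false)` default for `public_gateway` on line 72 is the right choice, as no existing subnet gains internet egress unless the caller asks for it.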
