feat: exposed new boolean variable transit_gateway_global which allows you to enable connecting to the networks outside the associated region (only applicable if transit gateway is enabled) (#570)

Author: akocbek

README.md

@@ -981,6 +981,7 @@ statement instead the previous block.
 | <a name="input_teleport_config_data"></a> [teleport\_config\_data](#input\_teleport\_config\_data) | Teleport config data. This is used to create a single template for all teleport instances to use. Creating a single template allows for values to remain sensitive | <pre>object({<br>    teleport_license   = optional(string)<br>    https_cert         = optional(string)<br>    https_key          = optional(string)<br>    domain             = optional(string)<br>    cos_bucket_name    = optional(string)<br>    cos_key_name       = optional(string)<br>    teleport_version   = optional(string)<br>    message_of_the_day = optional(string)<br>    hostname           = optional(string)<br>    app_id_key_name    = optional(string)<br>    claims_to_roles = optional(<br>      list(<br>        object({<br>          email = string<br>          roles = list(string)<br>        })<br>      )<br>    )<br>  })</pre> | `null` | no |
 | <a name="input_teleport_vsi"></a> [teleport\_vsi](#input\_teleport\_vsi) | A list of teleport vsi deployments | <pre>list(<br>    object(<br>      {<br>        name                            = string<br>        vpc_name                        = string<br>        resource_group                  = optional(string)<br>        subnet_name                     = string<br>        ssh_keys                        = list(string)<br>        boot_volume_encryption_key_name = string<br>        image_name                      = string<br>        machine_type                    = string<br>        access_tags                     = optional(list(string), [])<br>        security_groups                 = optional(list(string))<br>        security_group = optional(<br>          object({<br>            name = string<br>            rules = list(<br>              object({<br>                name      = string<br>                direction = string<br>                source    = string<br>                tcp = optional(<br>                  object({<br>                    port_max = number<br>                    port_min = number<br>                  })<br>                )<br>                udp = optional(<br>                  object({<br>                    port_max = number<br>                    port_min = number<br>                  })<br>                )<br>                icmp = optional(<br>                  object({<br>                    type = number<br>                    code = number<br>                  })<br>                )<br>              })<br>            )<br>          })<br>        )<br><br><br>      }<br>    )<br>  )</pre> | `[]` | no |
 | <a name="input_transit_gateway_connections"></a> [transit\_gateway\_connections](#input\_transit\_gateway\_connections) | Transit gateway vpc connections. Will only be used if transit gateway is enabled. | `list(string)` | n/a | yes |
+| <a name="input_transit_gateway_global"></a> [transit\_gateway\_global](#input\_transit\_gateway\_global) | Connect to the networks outside the associated region. Will only be used if transit gateway is enabled. | `bool` | `false` | no |
 | <a name="input_transit_gateway_resource_group"></a> [transit\_gateway\_resource\_group](#input\_transit\_gateway\_resource\_group) | Name of resource group to use for transit gateway. Must be included in `var.resource_group` | `string` | n/a | yes |
 | <a name="input_virtual_private_endpoints"></a> [virtual\_private\_endpoints](#input\_virtual\_private\_endpoints) | Object describing VPE to be created | <pre>list(<br>    object({<br>      service_name   = string<br>      service_type   = string<br>      resource_group = optional(string)<br>      access_tags    = optional(list(string), [])<br>      vpcs = list(<br>        object({<br>          name                = string<br>          subnets             = list(string)<br>          security_group_name = optional(string)<br>        })<br>      )<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_vpc_placement_groups"></a> [vpc\_placement\_groups](#input\_vpc\_placement\_groups) | List of VPC placement groups to create | <pre>list(<br>    object({<br>      access_tags    = optional(list(string), [])<br>      name           = string<br>      resource_group = optional(string)<br>      strategy       = string<br>    })<br>  )</pre> | `[]` | no |

examples/one-vpc-one-vsi/override.json

@@ -1,5 +1,6 @@
 {
     "enable_transit_gateway": false,
+    "transit_gateway_global": false,
     "virtual_private_endpoints": [],
     "service_endpoints": "private",
     "security_groups": [],

examples/override-example/override.json

@@ -11,6 +11,7 @@
     },
     "clusters": [],
     "enable_transit_gateway": true,
+    "transit_gateway_global": false,
     "transit_gateway_connections": [
       "management",
       "workload",

module-metadata.json

@@ -11,7 +11,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1117
+        "line": 1123
       }
     },
     "add_kms_block_storage_s2s": {
@@ -25,7 +25,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1482
+        "line": 1488
       }
     },
     "appid": {
@@ -42,7 +42,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 873
+        "line": 879
       }
     },
     "atracker": {
@@ -56,7 +56,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 752
+        "line": 758
       }
     },
     "clusters": {
@@ -69,7 +69,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 768
+        "line": 774
       }
     },
     "cos": {
@@ -82,7 +82,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 481
+        "line": 487
       }
     },
     "enable_transit_gateway": {
@@ -112,7 +112,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1386
+        "line": 1392
       }
     },
     "f5_vsi": {
@@ -125,7 +125,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1249
+        "line": 1255
       }
     },
     "iam_account_settings": {
@@ -149,7 +149,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1011
+        "line": 1017
       }
     },
     "ibmcloud_api_key": {
@@ -177,7 +177,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 706
+        "line": 712
       }
     },
     "network_cidr": {
@@ -309,7 +309,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1432
+        "line": 1438
       }
     },
     "security_groups": {
@@ -322,7 +322,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 383
+        "line": 389
       }
     },
     "service_endpoints": {
@@ -332,7 +332,7 @@
       "default": "private",
       "pos": {
         "filename": "variables.tf",
-        "line": 695
+        "line": 701
       }
     },
     "ssh_keys": {
@@ -345,7 +345,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 237
+        "line": 243
       }
     },
     "tags": {
@@ -409,7 +409,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 917
+        "line": 923
       }
     },
     "teleport_vsi": {
@@ -422,7 +422,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 943
+        "line": 949
       }
     },
     "transit_gateway_connections": {
@@ -432,7 +432,20 @@
       "required": true,
       "pos": {
         "filename": "variables.tf",
-        "line": 226
+        "line": 232
+      }
+    },
+    "transit_gateway_global": {
+      "name": "transit_gateway_global",
+      "type": "bool",
+      "description": "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled.",
+      "default": false,
+      "source": [
+        "ibm_tg_gateway.transit_gateway.global"
+      ],
+      "pos": {
+        "filename": "variables.tf",
+        "line": 221
       }
     },
     "transit_gateway_resource_group": {
@@ -442,7 +455,7 @@
       "required": true,
       "pos": {
         "filename": "variables.tf",
-        "line": 221
+        "line": 227
       }
     },
     "virtual_private_endpoints": {
@@ -455,7 +468,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 455
+        "line": 461
       }
     },
     "vpc_placement_groups": {
@@ -468,7 +481,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1450
+        "line": 1456
       }
     },
     "vpcs": {
@@ -507,7 +520,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 270
+        "line": 276
       }
     },
     "wait_till": {
@@ -520,7 +533,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 852
+        "line": 858
       }
     }
   },
@@ -1307,6 +1320,7 @@
       "name": "transit_gateway",
       "attributes": {
         "count": "enable_transit_gateway",
+        "global": "transit_gateway_global",
         "location": "region",
         "name": "prefix"
       },

patterns/mixed/config.tf

@@ -177,6 +177,7 @@ locals {
     resource_groups                = module.dynamic_values.resource_groups
     vpcs                           = module.dynamic_values.vpcs
     enable_transit_gateway         = var.enable_transit_gateway
+    transit_gateway_global         = var.transit_gateway_global
     transit_gateway_resource_group = "${var.prefix}-service-rg"
     transit_gateway_connections    = module.dynamic_values.vpc_list
     object_storage                 = module.dynamic_values.object_storage
@@ -287,6 +288,7 @@ locals {
     vpcs                           = lookup(local.override[local.override_type], "vpcs", local.config.vpcs)
     vpn_gateways                   = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways)
     enable_transit_gateway         = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway)
+    transit_gateway_global         = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global)
     transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group)
     transit_gateway_connections    = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections)
     ssh_keys                       = lookup(local.override[local.override_type], "ssh_keys", local.ssh_keys)

patterns/mixed/main.tf

@@ -25,6 +25,7 @@ module "landing_zone" {
   vpcs                           = local.env.vpcs
   vpn_gateways                   = local.env.vpn_gateways
   enable_transit_gateway         = local.env.enable_transit_gateway
+  transit_gateway_global         = local.env.transit_gateway_global
   transit_gateway_resource_group = local.env.transit_gateway_resource_group
   transit_gateway_connections    = local.env.transit_gateway_connections
   ssh_keys                       = local.env.ssh_keys

patterns/mixed/override.json

@@ -90,6 +90,7 @@
         }
     ],
     "enable_transit_gateway": true,
+    "transit_gateway_global": false,
     "key_management": {
         "keys": [
             {

patterns/mixed/variables.tf

@@ -78,6 +78,12 @@ variable "enable_transit_gateway" {
   default     = true
 }
 
+variable "transit_gateway_global" {
+  description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled."
+  type        = bool
+  default     = false
+}
+
 variable "add_atracker_route" {
   description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route"
   type        = bool

patterns/roks/main.tf

@@ -29,6 +29,7 @@ module "roks_landing_zone" {
   network_cidr                        = var.network_cidr
   vpcs                                = var.vpcs
   enable_transit_gateway              = var.enable_transit_gateway
+  transit_gateway_global              = var.transit_gateway_global
   ssh_public_key                      = var.ssh_public_key
   update_all_workers                  = var.update_all_workers
   existing_ssh_key_name               = var.existing_ssh_key_name

patterns/roks/module/config.tf

@@ -156,6 +156,7 @@ locals {
     resource_groups                = module.dynamic_values.resource_groups
     vpcs                           = module.dynamic_values.vpcs
     enable_transit_gateway         = var.enable_transit_gateway
+    transit_gateway_global         = var.transit_gateway_global
     transit_gateway_resource_group = "${var.prefix}-service-rg"
     transit_gateway_connections    = module.dynamic_values.vpc_list
     object_storage                 = module.dynamic_values.object_storage
@@ -267,6 +268,7 @@ locals {
     vpcs                           = lookup(local.override[local.override_type], "vpcs", local.config.vpcs)
     vpn_gateways                   = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways)
     enable_transit_gateway         = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway)
+    transit_gateway_global         = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global)
     transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group)
     transit_gateway_connections    = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections)
     ssh_keys                       = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys)