
Commit 45a943d

feat: support for VPN gateway connections is being removed. Current connections, if manually made, will not be destroyed on upgrade. However, if connections were created with override.json, they will be removed when upgrading to this version. (#597)
1 parent 49cf4c5 commit 45a943d

12 files changed: +45 -133 lines changed

README.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -872,7 +872,6 @@ module "cluster_pattern" {
872872
| [ibm_is_virtual_endpoint_gateway.endpoint_gateway](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_virtual_endpoint_gateway) | resource |
873873
| [ibm_is_virtual_endpoint_gateway_ip.endpoint_gateway_ip](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_virtual_endpoint_gateway_ip) | resource |
874874
| [ibm_is_vpn_gateway.gateway](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpn_gateway) | resource |
875-
| [ibm_is_vpn_gateway_connection.gateway_connection](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpn_gateway_connection) | resource |
876875
| [ibm_resource_group.resource_groups](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_group) | resource |
877876
| [ibm_resource_instance.appid](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
878877
| [ibm_resource_instance.cos](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
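Review bot: the only documentation for this removal in the README hunk above is the deleted `ibm_is_vpn_gateway_connection.gateway_connection` row in the resources table, so a reader of the README gets no upgrade guidance. The commit message states that connections created through override.json are removed on upgrade while manually created ones survive; that belongs in the README (or a linked migration note) so operators can recreate the tunnels outside the module before applying, rather than learning it from a plan that destroys site-to-site connectivity.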
@@ -926,7 +925,7 @@ module "cluster_pattern" {
926925
| <a name="input_virtual_private_endpoints"></a> [virtual\_private\_endpoints](#input\_virtual\_private\_endpoints) | Object describing VPE to be created | <pre>list(<br> object({<br> service_name = string<br> service_type = string<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> vpcs = list(<br> object({<br> name = string<br> subnets = list(string)<br> security_group_name = optional(string)<br> })<br> )<br> })<br> )</pre> | n/a | yes |
927926
| <a name="input_vpc_placement_groups"></a> [vpc\_placement\_groups](#input\_vpc\_placement\_groups) | List of VPC placement groups to create | <pre>list(<br> object({<br> access_tags = optional(list(string), [])<br> name = string<br> resource_group = optional(string)<br> strategy = string<br> })<br> )</pre> | `[]` | no |
928927
| <a name="input_vpcs"></a> [vpcs](#input\_vpcs) | A map describing VPCs to be created in this repo. | <pre>list(<br> object({<br> prefix = string # VPC prefix<br> resource_group = optional(string) # Name of the group where VPC will be created<br> access_tags = optional(list(string), [])<br> classic_access = optional(bool)<br> default_network_acl_name = optional(string)<br> default_security_group_name = optional(string)<br> clean_default_sg_acl = optional(bool, false)<br> default_security_group_rules = optional(<br> list(<br> object({<br> name = string<br> direction = string<br> remote = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )<br> )<br> default_routing_table_name = optional(string)<br> flow_logs_bucket_name = optional(string)<br> address_prefixes = optional(<br> object({<br> zone-1 = optional(list(string))<br> zone-2 = optional(list(string))<br> zone-3 = optional(list(string))<br> })<br> )<br> network_acls = list(<br> object({<br> name = string<br> add_ibm_cloud_internal_rules = optional(bool)<br> add_vpc_connectivity_rules = optional(bool)<br> prepend_ibm_rules = optional(bool)<br> rules = list(<br> object({<br> name = string<br> action = string<br> destination = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = 
optional(number)<br> })<br> )<br> })<br> )<br> })<br> )<br> use_public_gateways = object({<br> zone-1 = optional(bool)<br> zone-2 = optional(bool)<br> zone-3 = optional(bool)<br> })<br> subnets = object({<br> zone-1 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> zone-2 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> zone-3 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> }))<br> })<br> })<br> )</pre> | n/a | yes |
929-
| <a name="input_vpn_gateways"></a> [vpn\_gateways](#input\_vpn\_gateways) | List of VPN Gateways to create. | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> subnet_name = string # Do not include prefix, use same name as in `var.subnets`<br> mode = optional(string)<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> connections = list(<br> object({<br> peer_address = string<br> preshared_key = string<br> local_cidrs = optional(list(string))<br> peer_cidrs = optional(list(string))<br> admin_state_up = optional(bool)<br> })<br> )<br> })<br> )</pre> | n/a | yes |
928+
| <a name="input_vpn_gateways"></a> [vpn\_gateways](#input\_vpn\_gateways) | List of VPN Gateways to create. | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> subnet_name = string # Do not include prefix, use same name as in `var.subnets`<br> mode = optional(string)<br> resource_group = optional(string)<br> access_tags = optional(list(string), [])<br> })<br> )</pre> | n/a | yes |
930929
| <a name="input_vsi"></a> [vsi](#input\_vsi) | A list describing VSI workloads to create | <pre>list(<br> object({<br> name = string<br> vpc_name = string<br> subnet_names = list(string)<br> ssh_keys = list(string)<br> image_name = string<br> machine_type = string<br> vsi_per_subnet = number<br> user_data = optional(string)<br> resource_group = optional(string)<br> enable_floating_ip = optional(bool)<br> security_groups = optional(list(string))<br> boot_volume_encryption_key_name = optional(string)<br> access_tags = optional(list(string), [])<br> security_group = optional(<br> object({<br> name = string<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = number<br> })<br> )<br> })<br> )<br> })<br> )<br> block_storage_volumes = optional(list(<br> object({<br> name = string<br> profile = string<br> capacity = optional(number)<br> iops = optional(number)<br> encryption_key = optional(string)<br> })<br> ))<br> load_balancers = optional(list(<br> object({<br> name = string<br> type = string<br> listener_port = number<br> listener_protocol = string<br> connection_limit = number<br> algorithm = string<br> protocol = string<br> health_delay = number<br> health_retries = number<br> health_timeout = number<br> health_type = string<br> pool_member_port = string<br> security_group = optional(<br> object({<br> name = string<br> rules = list(<br> object({<br> name = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> udp = optional(<br> object({<br> port_max = number<br> port_min = number<br> })<br> )<br> icmp = optional(<br> object({<br> type = number<br> code = number<br> })<br> )<br> })<br> )<br> })<br> 
)<br> })<br> ))<br> })<br> )</pre> | n/a | yes |
931930
| <a name="input_wait_till"></a> [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, and `IngressReady` | `string` | `"IngressReady"` | no |
932931
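Review bot: on the `+` row for `vpn_gateways`, the `connections` list is dropped from the object type but the description still reads only "List of VPN Gateways to create." Terraform's conversion to an object type constraint discards attributes the constraint does not declare, so a configuration that still passes `connections` will not fail validation; the plan will simply show the connection resources being destroyed, as the commit message warns. Suggest stating in the description that connections are no longer managed by this module, and noting that any `preshared_key` values left in override.json are now unused and should be removed from that file.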

dynamic_values/config_modules/vpn/vpn.tf

Lines changed: 0 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,6 @@ module "vpn_gateway_map" {
4242
vpc_id = var.vpc_modules[gateway.vpc_name].vpc_id
4343
subnet_id = module.vpn_gateway_subnets[gateway.name].subnets[0].id
4444
mode = gateway.mode
45-
connections = gateway.connections
4645
resource_group = gateway.resource_group
4746
access_tags = lookup(gateway, "access_tags", [])
4847
}
@@ -51,27 +50,6 @@ module "vpn_gateway_map" {
5150

5251
##############################################################################
5352

54-
##############################################################################
55-
# VPN Gateway Connections
56-
##############################################################################
57-
58-
module "vpn_connection_map" {
59-
source = "../list_to_map"
60-
list = flatten([
61-
for gateway in var.vpn_gateways :
62-
[
63-
for connection in gateway.connections :
64-
merge({
65-
gateway_name = gateway.name
66-
connection_name = "${gateway.name}-connection-${index(gateway.connections, connection) + 1}"
67-
}, connection)
68-
]
69-
])
70-
key_name_field = "connection_name"
71-
}
72-
73-
##############################################################################
74-
7553
##############################################################################
7654
# VPN Gateway Outputs
7755
##############################################################################
@@ -81,9 +59,4 @@ output "vpn_gateway_map" {
8159
value = module.vpn_gateway_map.value
8260
}
8361

84-
output "vpn_connection_map" {
85-
description = "Connection map for VPN"
86-
value = module.vpn_connection_map.value
87-
}
88-
8962
##############################################################################

dynamic_values/outputs.tf

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -119,12 +119,6 @@ output "vpn_gateway_map" {
119119
value = module.vpn.vpn_gateway_map
120120
}
121121

122-
123-
output "vpn_connection_map" {
124-
description = "Map of VPN gateway connections"
125-
value = module.vpn.vpn_connection_map
126-
}
127-
128122
##############################################################################
129123

130124
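Review bot: removing `output "vpn_connection_map"` here (and the matching output in dynamic_values/config_modules/vpn/vpn.tf) breaks any caller that still reads `module.vpn.vpn_connection_map`, yet the commit is typed `feat:` with no breaking-change marker. If releases are derived from commit types, mark it as breaking so the version bump signals that an upgrade destroys connections defined in override.json. Worth recording in the changelog as well: the removed output carried each connection's `preshared_key` and was not declared with `sensitive = true`, so this change also takes the key out of the module's outputs.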

dynamic_values/vpn.tf

Lines changed: 3 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -32,13 +32,6 @@ module "ut_vpn" {
3232
}
3333
vpn_gateways = [
3434
{
35-
connections = [{
36-
peer_address = "test-peer-address"
37-
preshared_key = "preshared_key"
38-
local_cidrs = ["cidr1"]
39-
peer_cidrs = ["cidr2"]
40-
admin_state_up = true
41-
}]
4235
name = "test-gateway",
4336
resource_group = "test-rg"
4437
subnet_name = "vpn-zone-1"
@@ -49,11 +42,9 @@ module "ut_vpn" {
4942
}
5043

5144
locals {
52-
assert_vpn_gateway_exists_in_map = lookup(module.ut_vpn.vpn_gateway_map, "test-gateway")
53-
assert_vpn_gateway_correct_vpc_id = regex("1234", module.ut_vpn.vpn_gateway_map["test-gateway"].vpc_id)
54-
assert_vpn_gateway_correct_subnet_id = regex("vpn-id", module.ut_vpn.vpn_gateway_map["test-gateway"].subnet_id)
55-
assert_vpn_connection_correct_gateway_name = regex("test-gateway", module.ut_vpn.vpn_connection_map["test-gateway-connection-1"].gateway_name)
56-
assert_vpn_connection_correct_preshared_key = regex("preshared_key", module.ut_vpn.vpn_connection_map["test-gateway-connection-1"].preshared_key)
45+
assert_vpn_gateway_exists_in_map = lookup(module.ut_vpn.vpn_gateway_map, "test-gateway")
46+
assert_vpn_gateway_correct_vpc_id = regex("1234", module.ut_vpn.vpn_gateway_map["test-gateway"].vpc_id)
47+
assert_vpn_gateway_correct_subnet_id = regex("vpn-id", module.ut_vpn.vpn_gateway_map["test-gateway"].subnet_id)
5748
}
5849

5950
##############################################################################
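Review bot: no assertion in the `locals` block covers the removal itself; the three `+` lines are the previous gateway checks with their alignment changed. Since the fixture no longer passes `connections`, consider a second test gateway that still supplies a legacy `connections` entry, plus a check that its entry in `module.ut_vpn.vpn_gateway_map` exposes no `connections` or `preshared_key` attribute, so a later change cannot quietly reintroduce the key into the map.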
