Adds provision flag to create or look up resource (#19)

Sean Sundberg · web-flow · commit 08ff2150ce3a · 2021-04-27T00:16:28.000-05:00
Signed-off-by: Sean Sundberg &lt;seansund@us.ibm.com&gt;
diff --git a/main.tf b/main.tf
@@ -2,21 +2,34 @@
 locals {
   prefix_name       = var.name_prefix != "" ? var.name_prefix : var.resource_group_name
   vpc_name          = lower(replace(var.name != "" ? var.name : "${local.prefix_name}-vpc", "_", "-"))
-  vpc_id            = ibm_is_vpc.vpc.id
-  security_group_id = ibm_is_vpc.vpc.default_security_group
-  crn               = ibm_is_vpc.vpc.resource_crn
+  vpc_id            = data.ibm_is_vpc.vpc.id
+  security_group_id = data.ibm_is_vpc.vpc.default_security_group
+  acl_id            = data.ibm_is_vpc.vpc.default_network_acl
+  crn               = data.ibm_is_vpc.vpc.resource_crn
 }
 
 resource ibm_is_vpc vpc {
+  count = var.provision ? 1 : 0
+
   name                        = local.vpc_name
   resource_group              = var.resource_group_id
   default_security_group_name = "${local.vpc_name}-security-group"
+  default_network_acl_name    = "${local.vpc_name}-acl"
+  default_routing_table_name  = "${local.vpc_name}-routing"
+}
+
+data ibm_is_vpc vpc {
+  depends_on = [ibm_is_vpc.vpc]
+
+  name = local.vpc_name
 }
 
 resource ibm_is_network_acl network_acl {
-  name           = "${local.vpc_name}-acl"
-  vpc            = ibm_is_vpc.vpc.id
+  count      = var.provision ? 1 : 0
+
+  name           = "${local.vpc_name}-acl2"
   resource_group = var.resource_group_id
+  vpc            = data.ibm_is_vpc.vpc.id
 
   rules {
     name        = "egress"
@@ -35,6 +48,8 @@ resource ibm_is_network_acl network_acl {
 }
 
 resource ibm_is_security_group_rule rule_icmp_ping {
+  count = var.provision ? 1 : 0
+
   group     = local.security_group_id
   direction = "inbound"
   remote    = "0.0.0.0/0"
@@ -45,6 +60,8 @@ resource ibm_is_security_group_rule rule_icmp_ping {
 
 # from https://cloud.ibm.com/docs/vpc?topic=vpc-service-endpoints-for-vpc
 resource ibm_is_security_group_rule "cse_dns_1" {
+  count = var.provision ? 1 : 0
+
   group     = local.security_group_id
   direction = "outbound"
   remote    = "161.26.0.10"
@@ -55,6 +72,8 @@ resource ibm_is_security_group_rule "cse_dns_1" {
 }
 
 resource ibm_is_security_group_rule cse_dns_2 {
+  count = var.provision ? 1 : 0
+
   group     = local.security_group_id
   direction = "outbound"
   remote    = "161.26.0.11"
@@ -65,6 +84,8 @@ resource ibm_is_security_group_rule cse_dns_2 {
 }
 
 resource ibm_is_security_group_rule private_dns_1 {
+  count = var.provision ? 1 : 0
+
   group     = local.security_group_id
   direction = "outbound"
   remote    = "161.26.0.7"
@@ -75,6 +96,8 @@ resource ibm_is_security_group_rule private_dns_1 {
 }
 
 resource ibm_is_security_group_rule private_dns_2 {
+  count = var.provision ? 1 : 0
+
   group     = local.security_group_id
   direction = "outbound"
   remote    = "161.26.0.8"
diff --git a/outputs.tf b/outputs.tf
@@ -12,7 +12,7 @@ output "id" {
 }
 
 output "acl_id" {
-  value       = ibm_is_network_acl.network_acl.id
+  value       = local.acl_id
   description = "The id of the network acl"
 }
 
diff --git a/variables.tf b/variables.tf
@@ -29,3 +29,9 @@ variable "ibmcloud_api_key" {
   type        = string
   description = "The IBM Cloud api token"
 }
+
+variable "provision" {
+  type        = bool
+  description = "Flag indicating that the instance should be provisioned. If false then an existing instance will be looked up"
+  default     = true
+}

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ output "id" {`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`output "acl_id" {`
`15`		`- value = ibm_is_network_acl.network_acl.id`
	`15`	`+ value = local.acl_id`
`16`	`16`	`description = "The id of the network acl"`
`17`	`17`	`}`
`18`	`18`