Splits subnet and gateway logic out of vpc module (#14)

Signed-off-by: Sean Sundberg <[email protected]>

Author: Sean Sundberg

.github/scripts/validate-deploy.sh

@@ -6,20 +6,14 @@ echo "terraform.tfvars"
 cat terraform.tfvars
 
 PREFIX_NAME=$(cat terraform.tfvars | grep name_prefix | sed "s/name_prefix=//g" | sed 's/"//g' | sed "s/_/-/g")
-PUBLIC_GATEWAY=$(cat terraform.tfvars | grep vpc_public_gateway | sed "s/vpc_public_gateway=//g" | sed 's/"//g')
 REGION=$(cat terraform.tfvars | grep -E "^region" | sed "s/region=//g" | sed 's/"//g')
 RESOURCE_GROUP_NAME=$(cat terraform.tfvars | grep resource_group_name | sed "s/resource_group_name=//g" | sed 's/"//g')
 
 echo "PREFIX_NAME: ${PREFIX_NAME}"
-echo "PUBLIC_GATEWAY: ${PUBLIC_GATEWAY}"
 echo "REGION: ${REGION}"
 echo "RESOURCE_GROUP_NAME: ${RESOURCE_GROUP_NAME}"
 echo "IBMCLOUD_API_KEY: ${IBMCLOUD_API_KEY}"
 
-if [[ -z "${PUBLIC_GATEWAY}" ]]; then
-  PUBLIC_GATEWAY="false"
-fi
-
 VPC_NAME="${PREFIX_NAME}-vpc"
 
 ibmcloud login -r "${REGION}" -g "${RESOURCE_GROUP_NAME}" --apikey "${IBMCLOUD_API_KEY}"
@@ -33,33 +27,10 @@ if [[ -z "${VPC_ID}" ]]; then
 fi
 
 echo "Retrieving VPC info for id: ${VPC_ID}"
+ibmcloud is vpc "${VPC_ID}"
 if ! ibmcloud is vpc "${VPC_ID}"; then
   echo "Unable to find vpc for id: ${VPC_ID}"
   exit 1
 fi
 
-echo "Retrieving VPC subnets for VPC: ${VPC_NAME}"
-ibmcloud is subnets | grep "${VPC_NAME}"
-SUBNETS=$(ibmcloud is subnets | grep "${VPC_NAME}")
-
-if [[ -z "${SUBNETS}" ]]; then
-  echo "Subnets not found: ${VPC_NAME}"
-  exit 1
-fi
-
-echo "Retrieving public gateways for VPC: ${VPC_NAME}"
-ibmcloud is pubgws | grep "${VPC_NAME}"
-PGS=$(ibmcloud is pubgws | grep "${VPC_NAME}")
-
-if [[ "${PUBLIC_GATEWAY}" == "true" ]] && [[ -z "${PGS}" ]]; then
-  echo "Public gateways not found: ${VPC_NAME}"
-  exit 1
-elif [[ "${PUBLIC_GATEWAY}" == "false" ]] && [[ -n "${PGS}" ]]; then
-  echo "Public gateways found: ${VPC_NAME}"
-  exit 1
-fi
-
-cat "./subnet_label_counts.json" | jq '.'
-cat "./subnets.json" | jq '.'
-
 exit 0

.github/workflows/verify.yaml

@@ -19,7 +19,6 @@ jobs:
       matrix:
         platform:
           - vpc_count
-          - vpc_subnets
       fail-fast: false
 
     env:

README.md

@@ -3,11 +3,8 @@
 Provisions a VPC instance and related resources. The full list of resources provisioned is as follows:
 
 - VPC instance
-- VPC public gateway (if `public_gateway` is `true`)
 - VPC network acl
-- VPC subnet (number of instances based on `subnet_count`)
 - VPC security group rules
-    - *k8s* - tcp ports `30000`-`32767`
     - *ping* - icmp type 8
     - *public dns* - `161.26.0.10` and `161.26.0.11`
     - *private dns* - `161.26.0.7` and `161.26.0.8`
@@ -18,27 +15,26 @@ The module depends on the following software components:
 
 ### Command-line tools
 
-- terraform - v12
+- terraform - v13
 
 ### Terraform providers
 
-- IBM Cloud provider >= 1.8.1
+- IBM Cloud provider >= 1.22.0
 
 ## Module dependencies
 
-None
+- Resource group - github.com/cloud-native-toolkit/terraform-ibm-resource-group.git
 
 ## Example usage
 
 ```hcl-terraform
 module "dev_vpc" {
-  source = "github.com/cloud-native-toolkit/terraform-ibm-vpc.git?ref=v1.1.0"
-
-  resource_group_name = var.resource_group_name
+  source = "github.com/cloud-native-toolkit/terraform-ibm-vpc.git"
+  
+  resource_group_id   = module.resource_group.id
+  resource_group_name = module.resource_group.name
   region              = var.region
   name_prefix         = var.name_prefix
   ibmcloud_api_key    = var.ibmcloud_api_key
-  subnet_count        = var.vpc_subnet_count
-  public_gateway      = var.vpc_public_gateway == "true"
 }
 ```

main.tf

@@ -1,70 +1,21 @@
 
 locals {
-  zone_count        = 3
-  subnet_count      = length(var.subnets) > 0 ? length(var.subnets) : var.subnet_count
-  vpc_zone_names    = [ for index in range(local.subnet_count): "${var.region}-${(index % local.zone_count) + 1}" ]
   prefix_name       = var.name_prefix != "" ? var.name_prefix : var.resource_group_name
   vpc_name          = lower(replace(var.name != "" ? var.name : "${local.prefix_name}-vpc", "_", "-"))
   vpc_id            = ibm_is_vpc.vpc.id
-  subnet_ids        = ibm_is_subnet.vpc_subnet[*].id
-  gateway_ids       = var.public_gateway ? ibm_is_public_gateway.vpc_gateway[*].id : [ for val in range(local.zone_count): "" ]
   security_group_id = ibm_is_vpc.vpc.default_security_group
-  ipv4_cidr_blocks  = ibm_is_subnet.vpc_subnet[*].ipv4_cidr_block
-  distinct_subnet_labels = distinct([ for val in var.subnets: val.label ])
-  # creates an intermediate object where the key is the label and the value is an array of labels, one for each appearance
-  # e.g. [{label = "basic"}, {label = "basic"}, {label = "test"}] would yield {basic = ["basic", "basic"], test = ["test"]}
-  subnet_labels_tmp = { for subnet in var.subnets: subnet.label => subnet.label... }
-  # creates an object where the key is the label and the value is number of times the label appears in the original list
-  # e.g. {basic = ["basic", "basic"], test = ["test"]} would yield {basic = 2, test = 1}
-  subnet_label_counts = length(var.subnets) > 0 ? [ for val in local.distinct_subnet_labels:
-        {
-          label = val
-          count = length(local.subnet_labels_tmp[val])
-        } ] : [ {
-          label = "default"
-          count = local.subnet_count
-      } ]
-}
-
-resource null_resource print_names {
-  provisioner "local-exec" {
-    command = "echo 'Resource group: ${var.resource_group_name}'"
-  }
-  provisioner "local-exec" {
-    command = "echo 'Subnets: ${jsonencode(local.subnet_labels_tmp)}'"
-  }
-}
-
-data ibm_resource_group resource_group {
-  depends_on = [null_resource.print_names]
-
-  name = var.resource_group_name
 }
 
 resource ibm_is_vpc vpc {
   name                        = local.vpc_name
-  resource_group              = data.ibm_resource_group.resource_group.id
+  resource_group              = var.resource_group_id
   default_security_group_name = "${local.vpc_name}-security-group"
 }
 
-resource ibm_is_public_gateway vpc_gateway {
-  count = var.public_gateway ? min(local.zone_count, local.subnet_count) : 0
-
-  name           = "${local.vpc_name}-gateway-${format("%02s", count.index)}"
-  vpc            = local.vpc_id
-  zone           = local.vpc_zone_names[count.index]
-  resource_group = data.ibm_resource_group.resource_group.id
-
-  //User can configure timeouts
-  timeouts {
-    create = "90m"
-  }
-}
-
 resource ibm_is_network_acl network_acl {
   name           = "${local.vpc_name}-acl"
   vpc            = ibm_is_vpc.vpc.id
-  resource_group = data.ibm_resource_group.resource_group.id
+  resource_group = var.resource_group_id
 
   rules {
     name        = "egress"
@@ -82,37 +33,6 @@ resource ibm_is_network_acl network_acl {
   }
 }
 
-resource ibm_is_subnet vpc_subnet {
-  count                    = local.subnet_count
-
-  name                     = "${local.vpc_name}-subnet-${format("%02s", count.index)}"
-  zone                     = local.vpc_zone_names[count.index]
-  vpc                      = local.vpc_id
-  public_gateway           = local.gateway_ids[count.index % local.zone_count]
-  total_ipv4_address_count = 256
-  resource_group           = data.ibm_resource_group.resource_group.id
-  network_acl              = ibm_is_network_acl.network_acl.id
-}
-
-data ibm_is_subnet vpc_subnet {
-  count      = local.subnet_count
-
-  identifier = ibm_is_subnet.vpc_subnet[count.index].id
-}
-
-resource ibm_is_security_group_rule rule_tcp_k8s {
-  count     = local.subnet_count
-
-  group     = local.security_group_id
-  direction = "inbound"
-  remote    = local.ipv4_cidr_blocks[count.index]
-
-  tcp {
-    port_min = 30000
-    port_max = 32767
-  }
-}
-
 resource ibm_is_security_group_rule rule_icmp_ping {
   group     = local.security_group_id
   direction = "inbound"

module.yaml

@@ -7,14 +7,18 @@ tags:
 versions:
 - platforms: []
   dependencies:
-    - id: resource_group
+    - id: resource-group
       refs:
         - source: github.com/cloud-native-toolkit/terraform-ibm-resource-group
           version: ">= 2.1.0"
   variables:
+    - name: resource_group_id
+      moduleRef:
+        id: resource-group
+        output: id
     - name: resource_group_name
       moduleRef:
-        id: resource_group
+        id: resource-group
         output: name
     - name: region
       scope: global
@@ -24,9 +28,3 @@ versions:
       scope: global
     - name: ibmcloud_api_key
       scope: global
-    - name: subnet_count
-      scope: ignore
-    - name: subnets
-      scope: module
-    - name: public_gateway
-      scope: module

outputs.tf

@@ -1,47 +1,17 @@
 
 output "name" {
   value       = local.vpc_name
-  depends_on  = [ibm_is_subnet.vpc_subnet]
+  depends_on  = [ibm_is_vpc.vpc]
   description = "The name of the vpc instance"
 }
 
 output "id" {
   value       = local.vpc_id
-  depends_on  = [ibm_is_subnet.vpc_subnet]
+  depends_on  = [ibm_is_vpc.vpc]
   description = "The id of the vpc instance"
 }
 
-output "subnet_count" {
-  value       = local.subnet_count
-  description = "The total number of subnets for the vpc"
-}
-
-output "subnet_label_counts" {
-  value       = local.subnet_label_counts
-  description = "The number of subnets for each label. e.g. [{label = 'default', count = 2}, {label = 'test', count = 1}]"
-}
-
-output "zone_names" {
-  value       = local.vpc_zone_names
-  depends_on  = [ibm_is_subnet.vpc_subnet]
-  description = "The list of zone names that into which subnets were created"
-}
-
-output "subnet_ids" {
-  value       = local.subnet_ids
-  depends_on  = [ibm_is_subnet.vpc_subnet]
-  description = "The list of subnet ids"
-}
-
-output "subnets" {
-  value       = [
-    for subnet in data.ibm_is_subnet.vpc_subnet:
-    {
-      id    = subnet.id
-      zone  = subnet.zone
-      label = length(var.subnets) > 0 ? element(var.subnets, index(data.ibm_is_subnet.vpc_subnet[*].id, subnet.id)).label : "default"
-    }
-  ]
-  depends_on  = [ibm_is_subnet.vpc_subnet]
-  description = "List of subnet objects that contain the subnet id and label, e.g. [{label='', id=''}]"
+output "acl_id" {
+  value       = ibm_is_network_acl.network_acl.id
+  description = "The id of the network acl"
 }

test/stages/print-module/main.tf

@@ -2,5 +2,5 @@ module "resource_group" {
   source = "github.com/cloud-native-toolkit/terraform-ibm-resource-group.git"
 
   resource_group_name = var.resource_group_name
-  provision           = true
+  provision           = false
 }

test/stages/print-module/variables.tf

@@ -1,11 +1,9 @@
 module "dev_vpc" {
   source = "./module"
 
+  resource_group_id   = module.resource_group.id
   resource_group_name = module.resource_group.name
   region              = var.region
   name_prefix         = var.name_prefix
   ibmcloud_api_key    = var.ibmcloud_api_key
-  subnet_count        = var.vpc_subnet_count
-  subnets             = jsondecode(var.vpc_subnets)
-  public_gateway      = var.vpc_public_gateway == "true"
 }