refactor and test configs
johnricords committed Nov 15, 2023
1 parent a797fba commit a473313
Showing 52 changed files with 498 additions and 849 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -15,5 +15,7 @@ on:
jobs:
release:
uses: plus3it/actions-workflows/.github/workflows/release.yml@93a9326e07945e5441d0fadef735563290edd729
with:
mockstacktest-enable: false
secrets:
release-token: ${{ secrets.GH_RELEASES_TOKEN }}
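Review bot: `mockstacktest-enable: false` switches the mock-stack test off in the release workflow while the commit title says "refactor and test configs", and the hunk gives no reason; state why in the commit message or in a comment next to the key, and re-enable it once the refactored configuration has tests. The reusable workflow stays pinned to a full commit SHA, which is the right choice for a job that receives `GH_RELEASES_TOKEN`.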
27 changes: 16 additions & 11 deletions README.md
@@ -1,3 +1,10 @@
# terraform-aws-tardigrade-vpc-ipam

## POOLS variable
It is important that you specify the `ipam_scope_name` attribute to match either "public_default_scope", "private_default_scope", or exact match to your `vpc_ipam.scopes.name` input on the first module call. Once you've created your scopes by name, then you can reference by id in subsequent module calls. You may also provide `ipam_scope_id` instead of `ipam_scope_name`. The two are mutually exclusive, do not provide both.

Managing a hierarchy of pools can be a bit tricky. You'll need to call the module successively to build up the structure, chaining the outputs together.

<!-- BEGIN TFDOCS -->
## Requirements

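Review bot: The new POOLS paragraph says `ipam_scope_name` and `ipam_scope_id` are mutually exclusive but not what the module does when both are given; say whether the call is rejected or which one wins, and split the comma splice in "The two are mutually exclusive, do not provide both." into two sentences. "Chaining the outputs together" should also name the output a caller feeds into the next call's `source_ipam_pool_id`, since the Outputs table describes `pool_out` only as "map of objects".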
Expand All @@ -8,29 +15,27 @@

## Providers

No providers.
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.40.0 |

## Resources

No resources.
| Name | Type |
|------|------|

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_ipam"></a> [ipam](#input\_ipam) | Object of inputs for IPAM resources | <pre>object({<br> region_name = optional(string)<br> tags = optional(map(string))<br> cascade = optional(bool)<br> })</pre> | `{}` | no |
| <a name="input_pool"></a> [pool](#input\_pool) | Object of inputs for Pool resources | <pre>object({<br> address_family = optional(string)<br> allocation_default_netmask_length = optional(number)<br> allocation_max_netmask_length = optional(number)<br> allocation_min_netmask_length = optional(number)<br> allocation_resource_tags = optional(map(string))<br> auto_import = optional(bool)<br> aws_service = optional(bool)<br> ipam_scope_id = optional(string)<br> locale = optional(string)<br> publicly_advertisable = optional(bool)<br> public_ip_source = optional(string)<br> source_ipam_pool_id = optional(string)<br> tags = optional(map(string))<br> })</pre> | `{}` | no |
| <a name="input_pool_cidr"></a> [pool\_cidr](#input\_pool\_cidr) | Object of inputs for Pool CIDR resources | <pre>object({<br> cidr = optional(string)<br> cidr_authorization_context_message = optional(string)<br> cidr_authorization_context_signature = optional(string)<br> ipam_pool_id = optional(string)<br> netmask_length = optional(number)<br> })</pre> | `{}` | no |
| <a name="input_pool_cidr_allocation"></a> [pool\_cidr\_allocation](#input\_pool\_cidr\_allocation) | Object of inputs for Pool CIDR Allocation resources | <pre>object({<br> cidr = optional(string)<br> disallowed_cidrs = optional(list(string))<br> ipam_pool_id = optional(string)<br> netmask_length = optional(number)<br> })</pre> | `{}` | no |
| <a name="input_preview_next_cidr"></a> [preview\_next\_cidr](#input\_preview\_next\_cidr) | Object of inputs for Preview Next CIDR resources | <pre>object({<br> disallowed_cidrs = optional(list(string))<br> ipam_pool_id = optional(string)<br> netmask_length = optional(number)<br> })</pre> | `{}` | no |
| <a name="input_resource_discovery"></a> [resource\_discovery](#input\_resource\_discovery) | Object of inputs for Resource Discovery resources | <pre>object({<br> region_name = optional(string)<br> tags = optional(map(string))<br> })</pre> | `{}` | no |
| <a name="input_resource_discovery_association"></a> [resource\_discovery\_association](#input\_resource\_discovery\_association) | Object of inputs for Resource Discovery Association resources | <pre>object({<br> ipam_id = optional(string)<br> ipam_resource_discovery_id = optional(string)<br> tags = optional(map(string))<br> })</pre> | `{}` | no |
| <a name="input_scope"></a> [scope](#input\_scope) | Object of inputs for Scope resources | <pre>object({<br> ipam_id = optional(string)<br> tags = optional(map(string))<br> })</pre> | `{}` | no |
| <a name="input_vpc_ipam"></a> [vpc\_ipam](#input\_vpc\_ipam) | Object of inputs for all IPAM configuration resources | <pre>object({<br> ipam = optional(object({<br> operating_regions = list(object({<br> region_name = string<br> }))<br> tags = optional(map(string))<br> cascade = optional(bool)<br> description = optional(string)<br> }))<br> pools = optional(list(object({<br> name = string<br> address_family = optional(string)<br> allocation_default_netmask_length = optional(number)<br> allocation_max_netmask_length = optional(number)<br> allocation_min_netmask_length = optional(number)<br> allocation_resource_tags = optional(map(string))<br> auto_import = optional(bool)<br> aws_service = optional(bool)<br> description = optional(string)<br> ipam_scope_name = optional(string)<br> ipam_scope_id = optional(string)<br> locale = optional(string)<br> publicly_advertisable = optional(bool)<br> public_ip_source = optional(string)<br> source_ipam_pool_id = optional(string)<br> tags = optional(map(string))<br> })), [])<br> pool_cidrs = optional(list(object({<br> name = string<br> cidr = optional(string)<br> cidr_authorization_context = optional(object({<br> cidr_authorization_context_message = optional(string)<br> cidr_authorization_context_signature = optional(string)<br> }))<br> ipam_pool_id = string<br> netmask_length = optional(number)<br> })), [])<br> pool_cidr_allocations = optional(list(object({<br> cidr = optional(string)<br> description = optional(string)<br> disallowed_cidrs = optional(list(string))<br> ipam_pool_id = string<br> netmask_length = optional(number)<br> })), [])<br> preview_next_cidr = optional(object({<br> disallowed_cidrs = optional(list(string))<br> ipam_pool_id = string<br> netmask_length = optional(number)<br> }))<br> scopes = optional(list(object({<br> name = string<br> description = optional(string)<br> tags = optional(map(string))<br> })), [])<br> })</pre> | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_ipam"></a> [ipam](#output\_ipam) | Object of all AWS VPC IPAM |
| <a name="output_ipam_out"></a> [ipam\_out](#output\_ipam\_out) | Object of all AWS VPC IPAM |
| <a name="output_pool_out"></a> [pool\_out](#output\_pool\_out) | map of objects |
| <a name="output_scope"></a> [scope](#output\_scope) | Object of VPC IPAM scope |

<!-- END TFDOCS -->
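Review bot: The generated docs do not match main.tf in this commit. The Resources table gets a header but no rows although main.tf now declares `aws_vpc_ipam`, `aws_vpc_ipam_pool`, `aws_vpc_ipam_pool_cidr`, `aws_vpc_ipam_pool_cidr_allocation`, `aws_vpc_ipam_preview_next_cidr` and `aws_vpc_ipam_scope`, and the Inputs table still lists the per-module variables (`ipam`, `pool`, `pool_cidr`, `pool_cidr_allocation`, `preview_next_cidr`, `resource_discovery`, `resource_discovery_association`, `scope`) beside the new `vpc_ipam` object. Re-run terraform-docs once variables.tf is trimmed, and give `ipam` and `ipam_out` (both "Object of all AWS VPC IPAM") and `pool_out` ("map of objects") descriptions that say what they contain.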
141 changes: 89 additions & 52 deletions main.tf
@@ -1,65 +1,102 @@
module "ipam" {
source = "./modules/ipam"
tags = var.ipam.tags
cascade = var.ipam.cascade
}
resource "aws_vpc_ipam" "this" {
count = var.vpc_ipam.ipam != null ? 1 : 0

module "vpc_ipam_pool" {
source = "./modules/pool"
address_family = var.pool.address_family
allocation_default_netmask_length = var.pool.allocation_default_netmask_length
allocation_max_netmask_length = var.pool.allocation_max_netmask_length
allocation_min_netmask_length = var.pool.allocation_min_netmask_length
allocation_resource_tags = var.pool.allocation_resource_tags
auto_import = var.pool.auto_import
aws_service = var.pool.aws_service
ipam_scope_id = var.pool.ipam_scope_id
locale = var.pool.locale
publicly_advertisable = var.pool.publicly_advertisable
public_ip_source = var.pool.public_ip_source
source_ipam_pool_id = var.pool.source_ipam_pool_id
tags = var.pool.tags
description = var.vpc_ipam.ipam.description
dynamic "operating_regions" {
for_each = var.vpc_ipam.ipam.operating_regions
content {
region_name = operating_regions.value.region_name
}
}
tags = var.vpc_ipam.ipam.tags
cascade = var.vpc_ipam.ipam.cascade
}

module "vpc_ipam_pool_cidr" {
source = "./modules/pool-cidr"
cidr = var.pool_cidr.cidr
cidr_authorization_context_message = var.pool_cidr.cidr_authorization_context_message
cidr_authorization_context_signature = var.pool_cidr.cidr_authorization_context_signature
ipam_pool_id = var.pool_cidr.ipam_pool_id
netmask_length = var.pool_cidr.netmask_length
}
resource "aws_vpc_ipam_pool" "this" {
for_each = { for pool in var.vpc_ipam.pools : pool.name => pool }

address_family = try(lower(each.value.address_family), null)
allocation_default_netmask_length = each.value.allocation_default_netmask_length
allocation_max_netmask_length = each.value.allocation_max_netmask_length
allocation_min_netmask_length = each.value.allocation_min_netmask_length
allocation_resource_tags = each.value.allocation_resource_tags
auto_import = each.value.auto_import
aws_service = try(lower(each.value.aws_service), null)
description = each.value.description
ipam_scope_id = coalesce(
each.value.ipam_scope_name == "private_default_scope" ? aws_vpc_ipam.this[0].private_default_scope_id : null,
each.value.ipam_scope_name == "public_default_scope" ? aws_vpc_ipam.this[0].public_default_scope_id : null,
try(aws_vpc_ipam_scope.this[each.value.ipam_scope_name].id, null),
each.value.ipam_scope_id,
)
locale = try(lower(each.value.locale), null)
publicly_advertisable = each.value.publicly_advertisable
public_ip_source = each.value.public_ip_source
source_ipam_pool_id = each.value.source_ipam_pool_id
tags = each.value.tags

module "vpc_ipam_pool_cidr_allocation" {
source = "./modules/pool-cidr-allocation"
cidr = var.pool_cidr_allocation.cidr
disallowed_cidrs = var.pool_cidr_allocation.disallowed_cidrs
ipam_pool_id = var.pool_cidr_allocation.ipam_pool_id
netmask_length = var.pool_cidr_allocation.netmask_length
lifecycle {
precondition {
condition = each.value.ipam_scope_name != "" && each.value.ipam_scope_id != ""
error_message = "You can't create a scope with both a name and an ID"
}
}
}

module "vpc_ipam_resource_discovery" {
source = "./modules/resource-discovery"
region_name = var.resource_discovery.region_name
tags = var.resource_discovery.tags
resource "aws_vpc_ipam_pool_cidr" "this" {
for_each = { for cidr in var.vpc_ipam.pool_cidrs : cidr.name => cidr }

cidr = each.value.cidr
dynamic "cidr_authorization_context" {
for_each = each.value.cidr_authorization_context != null ? [1] : []

content {
message = each.value.cidr_authorization_context_message
signature = each.value.cidr_authorization_context_signature
}
}

ipam_pool_id = aws_vpc_ipam_pool.this[var.vpc_ipam.pools[0].name].id
netmask_length = each.value.netmask_length

lifecycle {
precondition {
condition = each.value.cidr != "" && each.value.netmask_length != ""
error_message = "Cannot set both 'cidr' and 'netmask_length'."
}
}
}

module "vpc_ipam_resource_discovery_association" {
source = "./modules/resource-discovery-association"
ipam_id = var.resource_discovery_association.ipam_id
ipam_resource_discovery_id = var.resource_discovery_association.ipam_resource_discovery_id
tags = var.resource_discovery_association.tags
resource "aws_vpc_ipam_pool_cidr_allocation" "this" {
for_each = { for allocation in var.vpc_ipam.pool_cidr_allocations : allocation.cidr => allocation }

cidr = each.value.cidr
description = each.value.description
disallowed_cidrs = each.value.disallowed_cidrs
ipam_pool_id = each.value.ipam_pool_id
netmask_length = each.value.netmask_length
}

module "vpc_ipam_preview_next_cidr" {
source = "./modules/preview-next-cidr"
disallowed_cidrs = var.preview_next_cidr.disallowed_cidrs
ipam_pool_id = var.preview_next_cidr.ipam_pool_id
netmask_length = var.preview_next_cidr.netmask_length
# unsure of implementation usage? could be useful for checking/assigning next CIDR (dynamically)?
resource "aws_vpc_ipam_preview_next_cidr" "this" {
count = var.vpc_ipam.preview_next_cidr != null ? 1 : 0

disallowed_cidrs = var.vpc_ipam.preview_next_cidr.disallowed_cidrs
ipam_pool_id = var.vpc_ipam.preview_next_cidr.ipam_pool_id
netmask_length = var.vpc_ipam.preview_next_cidr.netmask_length
}

module "vpc_ipam_scope" {
source = "./modules/scope"
ipam_id = var.scope.ipam_id
tags = var.scope.tags
resource "aws_vpc_ipam_scope" "this" {
for_each = { for scope in var.vpc_ipam.scopes : scope.name => scope }

ipam_id = aws_vpc_ipam.this[0].id
description = each.value.description
tags = each.value.tags

lifecycle {
precondition {
condition = var.vpc_ipam.ipam != null
error_message = "You can't create a scope without creating an IPAM"
}
}
}
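Review bot: Both lifecycle preconditions are inverted and never fire. `each.value.ipam_scope_name != "" && each.value.ipam_scope_id != ""` is true when both are omitted (the attributes are `optional(string)`, so a missing value is null, not "") and also when both are set, which is the case the message forbids; `each.value.netmask_length != ""` compares a number with a string. Write them as `each.value.ipam_scope_name == null || each.value.ipam_scope_id == null` and `each.value.cidr == null || each.value.netmask_length == null`, and fix the first message, which says "scope" but guards a pool. In `aws_vpc_ipam_pool_cidr`, `ipam_pool_id = aws_vpc_ipam_pool.this[var.vpc_ipam.pools[0].name].id` attaches every CIDR to the first pool and ignores the required `ipam_pool_id` of each `pool_cidrs` entry, and the `cidr_authorization_context` block reads `each.value.cidr_authorization_context_message` and `_signature` although the variable type nests them under `each.value.cidr_authorization_context`. The `pool_cidr_allocations` `for_each` is keyed on `allocation.cidr`, which is optional, so an entry that uses `netmask_length` instead has a null key.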
35 changes: 0 additions & 35 deletions modules/ipam/README.md

This file was deleted.

8 changes: 0 additions & 8 deletions modules/ipam/main.tf

This file was deleted.

4 changes: 0 additions & 4 deletions modules/ipam/outputs.tf

This file was deleted.

23 changes: 0 additions & 23 deletions modules/ipam/variables.tf

This file was deleted.

10 changes: 0 additions & 10 deletions modules/ipam/versions.tf

This file was deleted.

36 changes: 0 additions & 36 deletions modules/pool-cidr-allocation/README.md

This file was deleted.

7 changes: 0 additions & 7 deletions modules/pool-cidr-allocation/main.tf

This file was deleted.

4 changes: 0 additions & 4 deletions modules/pool-cidr-allocation/outputs.tf

This file was deleted.

28 changes: 0 additions & 28 deletions modules/pool-cidr-allocation/variables.tf

This file was deleted.

10 changes: 0 additions & 10 deletions modules/pool-cidr-allocation/versions.tf

This file was deleted.
