feat: added support to the
cbr-zone-module
to use existing zone usi…
…ng new inputs `existing_zone_id` and `use_existing_cbr_zone` (#530)
Showing
25 changed files
with
363 additions
and
62 deletions.
@@ -0,0 +1,9 @@ | ||
# Zone example | ||
|
||
Example that creates a zone for context-based restrictions. This example uses the IBM Cloud Provider to automate the following infrastructure: | ||
|
||
- Creates 2 VPCs. | ||
- Creates 2 Public Gateways. | ||
- Creates 2 VPC Subnets. | ||
- Creates a CBR Zone for the VPC. | ||
- Updates an existing CBR Zone created above with new addresses containing another VPC created above and a `compliance` serviceRef. |
@@ -0,0 +1,108 @@ | ||
############################################################################## | ||
# Get Cloud Account ID | ||
############################################################################## | ||
|
||
data "ibm_iam_account_settings" "iam_account_settings" { | ||
} | ||
|
||
############################################################################## | ||
# Resource Group | ||
############################################################################## | ||
|
||
module "resource_group" { | ||
source = "terraform-ibm-modules/resource-group/ibm" | ||
version = "1.1.6" | ||
# if an existing resource group is not set (null) create a new one using prefix | ||
resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null | ||
existing_resource_group_name = var.resource_group | ||
} | ||
|
||
############################################################################## | ||
# VPCs | ||
############################################################################## | ||
resource "ibm_is_vpc" "example_vpc" { | ||
name = "${var.prefix}-vpc" | ||
resource_group = module.resource_group.resource_group_id | ||
tags = var.resource_tags | ||
} | ||
|
||
resource "ibm_is_public_gateway" "testacc_gateway" { | ||
name = "${var.prefix}-pgateway" | ||
vpc = ibm_is_vpc.example_vpc.id | ||
zone = "${var.region}-1" | ||
resource_group = module.resource_group.resource_group_id | ||
} | ||
|
||
resource "ibm_is_subnet" "testacc_subnet" { | ||
name = "${var.prefix}-subnet" | ||
vpc = ibm_is_vpc.example_vpc.id | ||
zone = "${var.region}-1" | ||
public_gateway = ibm_is_public_gateway.testacc_gateway.id | ||
total_ipv4_address_count = 256 | ||
resource_group = module.resource_group.resource_group_id | ||
} | ||
|
||
resource "ibm_is_vpc" "example_new_vpc" { | ||
name = "${var.prefix}-new-vpc" | ||
resource_group = module.resource_group.resource_group_id | ||
tags = var.resource_tags | ||
} | ||
|
||
resource "ibm_is_public_gateway" "testacc_new_gateway" { | ||
name = "${var.prefix}-new-pgateway" | ||
vpc = ibm_is_vpc.example_new_vpc.id | ||
zone = "${var.region}-1" | ||
resource_group = module.resource_group.resource_group_id | ||
} | ||
|
||
resource "ibm_is_subnet" "testacc_new_subnet" { | ||
name = "${var.prefix}-new-subnet" | ||
vpc = ibm_is_vpc.example_new_vpc.id | ||
zone = "${var.region}-1" | ||
public_gateway = ibm_is_public_gateway.testacc_new_gateway.id | ||
total_ipv4_address_count = 256 | ||
resource_group = module.resource_group.resource_group_id | ||
} | ||
|
||
############################################################################## | ||
# CBR zone & rule creation | ||
############################################################################## | ||
|
||
locals { | ||
zone_address_details = [{ | ||
type = "vpc", # to bind a specific vpc to the zone | ||
value = resource.ibm_is_vpc.example_vpc.crn, | ||
}, { | ||
type = "serviceRef" # to bind a service reference type should be 'serviceRef' | ||
ref = { | ||
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id | ||
service_name = "secrets-manager" # secrets manager service reference. | ||
} | ||
}] | ||
|
||
new_zone_address_details = [{ | ||
type = "vpc", # to bind a specific vpc to the zone | ||
value = resource.ibm_is_vpc.example_new_vpc.crn, | ||
}, { | ||
type = "serviceRef" # to bind a service reference type should be 'serviceRef' | ||
ref = { | ||
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id | ||
service_name = "compliance" # SCC service reference. | ||
} | ||
}] | ||
} | ||
|
||
module "ibm_cbr_zone" { | ||
source = "../../modules/cbr-zone-module" | ||
name = "${var.prefix}-cbr-zone" | ||
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id | ||
zone_description = var.zone_description | ||
addresses = local.zone_address_details | ||
} | ||
|
||
module "update_cbr_zone" { | ||
source = "../../modules/cbr-zone-module" | ||
use_existing_cbr_zone = true | ||
existing_zone_id = module.ibm_cbr_zone.zone_id | ||
addresses = local.new_zone_address_details | ||
} |
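Review bot: `module.update_cbr_zone` receives `existing_zone_id = module.ibm_cbr_zone.zone_id` together with its own `addresses`, so two module instances in one state set the address list of the same zone, and nothing here says whether `local.new_zone_address_details` is added to or replaces `local.zone_address_details`. A CBR zone's addresses act as an access allowlist, so anyone copying this example needs to know which it is; the module's implementation is outside this section and may already handle it. If the update replaces the list, `module.ibm_cbr_zone` would presumably report drift on the next plan. I would add a comment above the second module, for example `# addresses below are <added to | replace> the zone's existing list; see modules/cbr-zone-module`, with the correct wording filled in.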
@@ -0,0 +1,53 @@ | ||
# # ############################################################################## | ||
# # # Outputs | ||
# # ############################################################################## | ||
|
||
output "vpc_id" { | ||
value = resource.ibm_is_vpc.example_vpc.id | ||
description = "VPC id" | ||
} | ||
|
||
output "new_vpc_id" { | ||
value = resource.ibm_is_vpc.example_new_vpc.id | ||
description = "New VPC id" | ||
} | ||
|
||
output "vpc_crn" { | ||
value = resource.ibm_is_vpc.example_vpc.crn | ||
description = "VPC crn" | ||
} | ||
|
||
output "new_vpc_crn" { | ||
value = resource.ibm_is_vpc.example_new_vpc.crn | ||
description = "New VPC crn" | ||
} | ||
|
||
output "account_id" { | ||
description = "account id" | ||
value = data.ibm_iam_account_settings.iam_account_settings.id | ||
} | ||
|
||
output "zone_name" { | ||
value = module.ibm_cbr_zone.zone_names | ||
description = "cbr_zone name" | ||
} | ||
|
||
output "zone_description" { | ||
value = module.ibm_cbr_zone.zone_description | ||
description = "cbr_zone description" | ||
} | ||
|
||
output "zone_id" { | ||
value = module.ibm_cbr_zone.zone_id | ||
description = "cbr_zone id" | ||
} | ||
|
||
output "zone_crn" { | ||
value = module.ibm_cbr_zone.zone_crn | ||
description = "cbr_zone crn" | ||
} | ||
|
||
output "zone_href" { | ||
value = module.ibm_cbr_zone.zone_href | ||
description = "cbr_zone href" | ||
} |
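Review bot: The `account_id` output reads `data.ibm_iam_account_settings.iam_account_settings.id`, while every other use of this data source in the commit (the `locals` block and `module "ibm_cbr_zone"`) reads `.account_id`. The two attributes may hold the same value, but the output should report the attribute the zone was created with: `value = data.ibm_iam_account_settings.iam_account_settings.account_id`. No output comes from `module.update_cbr_zone`, so the example does not expose the result of the update it demonstrates; that may be intentional.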
@@ -0,0 +1,4 @@ | ||
provider "ibm" { | ||
ibmcloud_api_key = var.ibmcloud_api_key | ||
region = var.region | ||
} |
@@ -0,0 +1,37 @@ | ||
variable "ibmcloud_api_key" { | ||
type = string | ||
description = "The IBM Cloud API Key" | ||
sensitive = true | ||
} | ||
|
||
variable "prefix" { | ||
type = string | ||
description = "Prefix to append to all resources created by this example" | ||
} | ||
|
||
variable "region" { | ||
description = "Name of the Region to deploy into" | ||
type = string | ||
} | ||
|
||
variable "resource_group" { | ||
type = string | ||
description = "An existing resource group name to use for this example, if unset a new resource group will be created" | ||
default = null | ||
} | ||
|
||
variable "resource_tags" { | ||
type = list(string) | ||
description = "Optional list of tags to be added to created resources" | ||
default = [] | ||
} | ||
|
||
############################################################## | ||
# CBR | ||
############################################################## | ||
|
||
variable "zone_description" { | ||
type = string | ||
description = "(Optional, String) The description of the zone" | ||
default = "Zone from automation" | ||
} |
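Review bot: The `prefix` description says the value is appended, but the resources in this commit use it as the leading part of each name (`"${var.prefix}-vpc"`, `"${var.prefix}-cbr-zone"`). I would reword it to `description = "Prefix added to the name of all resources created by this example"` so the description matches how the names are built.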
@@ -0,0 +1,11 @@ | ||
terraform { | ||
required_version = ">= 1.3.0" | ||
required_providers { | ||
# Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main | ||
# module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule). | ||
ibm = { | ||
source = "IBM-Cloud/ibm" | ||
version = "1.69.0" | ||
} | ||
} | ||
} |