Commit

feat: added support to the cbr-zone-module to use existing zone using new inputs `existing_zone_id` and `use_existing_cbr_zone` (#530)
Ak-sky authored Sep 11, 2024
1 parent 4060786 commit 3e25409
Showing 25 changed files with 363 additions and 62 deletions.
15 changes: 8 additions & 7 deletions README.md
@@ -25,6 +25,7 @@ See in particular the [fscloud module](./modules/fscloud/) that enables creating
* [Multi resource rule example](./examples/multi-resource-rule)
* [Multi-zone example](./examples/multizone-rule)
* [Pre-wired CBR configuration for FS Cloud example](./examples/fscloud)
* [Zone example](./examples/update-existing-zone-addresses)
* [Zone example](./examples/zone)
* [Contributing](#contributing)
<!-- END OVERVIEW HOOK -->
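Review bot: The new overview entry for `./examples/update-existing-zone-addresses` reuses the link text "Zone example", so the list now carries two identically named entries that point at different directories. Give the new entry a distinct title such as "Update existing zone addresses example"; if this list is produced by the overview hook, the fix belongs in the heading of the new example's README, not in this file.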
@@ -103,7 +104,7 @@ You need the following permissions to run this module.
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.65.0, < 2.0.0 |
| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.69.0, < 2.0.0 |

### Modules

@@ -136,12 +137,12 @@ You need the following permissions to run this module.

| Name | Description |
|------|-------------|
| <a name="output_rule_crn"></a> [rule\_crn](#output\_rule\_crn) | CBR rule resource instance crn |
| <a name="output_rule_href"></a> [rule\_href](#output\_rule\_href) | CBR rule resource href |
| <a name="output_rule_id"></a> [rule\_id](#output\_rule\_id) | CBR rule resource instance id |
| <a name="output_zone_crn"></a> [zone\_crn](#output\_zone\_crn) | cbr\_zone resource instance crn |
| <a name="output_zone_href"></a> [zone\_href](#output\_zone\_href) | cbr\_zone resource instance link |
| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | cbr\_zone resource instance id |
| <a name="output_rule_crn"></a> [rule\_crn](#output\_rule\_crn) | CBR rule crn |
| <a name="output_rule_href"></a> [rule\_href](#output\_rule\_href) | CBR rule href |
| <a name="output_rule_id"></a> [rule\_id](#output\_rule\_id) | CBR rule id |
| <a name="output_zone_crn"></a> [zone\_crn](#output\_zone\_crn) | cbr\_zone crn |
| <a name="output_zone_href"></a> [zone\_href](#output\_zone\_href) | cbr\_zone link |
| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | cbr\_zone id |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

<!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->
6 changes: 3 additions & 3 deletions examples/multi-service-profile/outputs.tf
@@ -4,7 +4,7 @@

output "zone_ids" {
value = module.cbr_rule_multi_service_profile[*].zone_ids
description = "CBR zone resource instance id(s)"
description = "CBR zone id(s)"
}

output "zone_crns" {
@@ -24,12 +24,12 @@ output "rule_ids" {

output "rule_crns" {
value = module.cbr_rule_multi_service_profile[*].rule_crns
description = "CBR rule resource instance crn(s)"
description = "CBR rule crn(s)"
}

output "rule_hrefs" {
value = module.cbr_rule_multi_service_profile[*].rule_hrefs
description = "CBR rule resource instance href(s)"
description = "CBR rule href(s)"
}

output "vpc_crn" {
2 changes: 1 addition & 1 deletion examples/multi-service-profile/version.tf
@@ -5,7 +5,7 @@ terraform {
# module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
ibm = {
source = "IBM-Cloud/ibm"
version = ">= 1.65.0"
version = ">= 1.69.0"

}
}
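Review bot: The provider lower bound moves from `>= 1.65.0` to `>= 1.69.0` on the `version` line here, and the README requirements table in this commit makes the same change for the module, yet the commit message only mentions the new `existing_zone_id` and `use_existing_cbr_zone` inputs. Consumers whose dependency lock file holds a provider below 1.69.0 will have to run `terraform init -upgrade` after taking this release, so state in the commit body or release notes which provider capability requires 1.69.0 and that the minimum has been raised.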
12 changes: 6 additions & 6 deletions examples/multizone-rule/outputs.tf
Original file line number Diff line number Diff line change
@@ -4,17 +4,17 @@

output "zone_id" {
value = module.cbr_zone[*].zone_id
description = "CBR zone resource instance id"
description = "CBR zone id"
}

output "zone_crn" {
value = module.cbr_zone[*].zone_crn
description = "CBR zone resource instance crn"
description = "CBR zone crn"
}

output "zone_href" {
value = module.cbr_zone[*].zone_href
description = "CBR zone resource instance href"
description = "CBR zone href"
}

output "cos_guid" {
@@ -34,7 +34,7 @@ output "resource_group_id" {

output "rule_id" {
value = module.cbr_rule.rule_id
description = "CBR rule resource instance id"
description = "CBR rule id"
}

output "rule_description" {
@@ -44,10 +44,10 @@ output "rule_description" {

output "rule_crn" {
value = module.cbr_rule.rule_crn
description = "CBR rule resource instance crn"
description = "CBR rule crn"
}

output "rule_href" {
value = module.cbr_rule.rule_href
description = "CBR rule resource instance href"
description = "CBR rule href"
}
2 changes: 1 addition & 1 deletion examples/multizone-rule/version.tf
@@ -5,7 +5,7 @@ terraform {
# module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
ibm = {
source = "IBM-Cloud/ibm"
version = "1.65.0"
version = "1.69.0"
}
}
}
9 changes: 9 additions & 0 deletions examples/update-existing-zone-addresses/README.md
@@ -0,0 +1,9 @@
# Zone example

Example that creates a zone for context-based restrictions. This example uses the IBM Cloud Provider to automate the following infrastructure:

- Creates 2 VPCs.
- Creates 2 Public Gateways.
- Creates 2 VPC Subnets.
- Creates a CBR Zone for the VPC.
- Updates an existing CBR Zone created above with new addresses containing another VPC created above and a `compliance` serviceRef.
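Review bot: The heading "# Zone example" and the opening sentence "Example that creates a zone" read as if copied from the plain zone example and do not say that this example exists to show `use_existing_cbr_zone` and `existing_zone_id`. Retitle it and lead with the update scenario. The last bullet should also state whether the addresses passed for an existing zone replace the zone's current addresses or are merged with them, because that decides whether the first VPC and the `secrets-manager` service reference remain members of the zone after the update.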
108 changes: 108 additions & 0 deletions examples/update-existing-zone-addresses/main.tf
@@ -0,0 +1,108 @@
##############################################################################
# Get Cloud Account ID
##############################################################################

data "ibm_iam_account_settings" "iam_account_settings" {
}

##############################################################################
# Resource Group
##############################################################################

module "resource_group" {
source = "terraform-ibm-modules/resource-group/ibm"
version = "1.1.6"
# if an existing resource group is not set (null) create a new one using prefix
resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null
existing_resource_group_name = var.resource_group
}

##############################################################################
# VPCs
##############################################################################
resource "ibm_is_vpc" "example_vpc" {
name = "${var.prefix}-vpc"
resource_group = module.resource_group.resource_group_id
tags = var.resource_tags
}

resource "ibm_is_public_gateway" "testacc_gateway" {
name = "${var.prefix}-pgateway"
vpc = ibm_is_vpc.example_vpc.id
zone = "${var.region}-1"
resource_group = module.resource_group.resource_group_id
}

resource "ibm_is_subnet" "testacc_subnet" {
name = "${var.prefix}-subnet"
vpc = ibm_is_vpc.example_vpc.id
zone = "${var.region}-1"
public_gateway = ibm_is_public_gateway.testacc_gateway.id
total_ipv4_address_count = 256
resource_group = module.resource_group.resource_group_id
}

resource "ibm_is_vpc" "example_new_vpc" {
name = "${var.prefix}-new-vpc"
resource_group = module.resource_group.resource_group_id
tags = var.resource_tags
}

resource "ibm_is_public_gateway" "testacc_new_gateway" {
name = "${var.prefix}-new-pgateway"
vpc = ibm_is_vpc.example_new_vpc.id
zone = "${var.region}-1"
resource_group = module.resource_group.resource_group_id
}

resource "ibm_is_subnet" "testacc_new_subnet" {
name = "${var.prefix}-new-subnet"
vpc = ibm_is_vpc.example_new_vpc.id
zone = "${var.region}-1"
public_gateway = ibm_is_public_gateway.testacc_new_gateway.id
total_ipv4_address_count = 256
resource_group = module.resource_group.resource_group_id
}

##############################################################################
# CBR zone & rule creation
##############################################################################

locals {
zone_address_details = [{
type = "vpc", # to bind a specific vpc to the zone
value = resource.ibm_is_vpc.example_vpc.crn,
}, {
type = "serviceRef" # to bind a service reference type should be 'serviceRef'
ref = {
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
service_name = "secrets-manager" # secrets manager service reference.
}
}]

new_zone_address_details = [{
type = "vpc", # to bind a specific vpc to the zone
value = resource.ibm_is_vpc.example_new_vpc.crn,
}, {
type = "serviceRef" # to bind a service reference type should be 'serviceRef'
ref = {
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
service_name = "compliance" # SCC service reference.
}
}]
}

module "ibm_cbr_zone" {
source = "../../modules/cbr-zone-module"
name = "${var.prefix}-cbr-zone"
account_id = data.ibm_iam_account_settings.iam_account_settings.account_id
zone_description = var.zone_description
addresses = local.zone_address_details
}

module "update_cbr_zone" {
source = "../../modules/cbr-zone-module"
use_existing_cbr_zone = true
existing_zone_id = module.ibm_cbr_zone.zone_id
addresses = local.new_zone_address_details
}
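Review bot: `module.ibm_cbr_zone` and `module.update_cbr_zone` both set `addresses` on the same zone (`existing_zone_id = module.ibm_cbr_zone.zone_id`) with different lists, so a single configuration declares two desired states for one object. Unless the module's create path ignores later address changes, the two calls can overwrite each other on successive applies, and the zone's membership (first VPC plus `secrets-manager`, or new VPC plus `compliance`) then depends on which one ran last. Rules that reference this zone match on that membership, so add a comment above `update_cbr_zone` stating the intended end state, and confirm that a second `terraform plan` after apply shows no changes before presenting this as the recommended pattern.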
53 changes: 53 additions & 0 deletions examples/update-existing-zone-addresses/outputs.tf
@@ -0,0 +1,53 @@
# # ##############################################################################
# # # Outputs
# # ##############################################################################

output "vpc_id" {
value = resource.ibm_is_vpc.example_vpc.id
description = "VPC id"
}

output "new_vpc_id" {
value = resource.ibm_is_vpc.example_new_vpc.id
description = "New VPC id"
}

output "vpc_crn" {
value = resource.ibm_is_vpc.example_vpc.crn
description = "VPC crn"
}

output "new_vpc_crn" {
value = resource.ibm_is_vpc.example_new_vpc.crn
description = "New VPC crn"
}

output "account_id" {
description = "account id"
value = data.ibm_iam_account_settings.iam_account_settings.id
}

output "zone_name" {
value = module.ibm_cbr_zone.zone_names
description = "cbr_zone name"
}

output "zone_description" {
value = module.ibm_cbr_zone.zone_description
description = "cbr_zone description"
}

output "zone_id" {
value = module.ibm_cbr_zone.zone_id
description = "cbr_zone id"
}

output "zone_crn" {
value = module.ibm_cbr_zone.zone_crn
description = "cbr_zone crn"
}

output "zone_href" {
value = module.ibm_cbr_zone.zone_href
description = "cbr_zone href"
}
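Review bot: The `account_id` output reads `data.ibm_iam_account_settings.iam_account_settings.id`, while main.tf in this example takes `.account_id` from the same data source; use `.account_id` here as well so the output is explicitly the account id. Every zone output also comes from `module.ibm_cbr_zone` and none from `module.update_cbr_zone`, so the example never exposes the result of the update it demonstrates; consider adding at least one output from the second module call. The banner at the top of the file is double-commented (`# # ####`) and can be reduced to a single `#`.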
4 changes: 4 additions & 0 deletions examples/update-existing-zone-addresses/provider.tf
@@ -0,0 +1,4 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
region = var.region
}
37 changes: 37 additions & 0 deletions examples/update-existing-zone-addresses/variables.tf
@@ -0,0 +1,37 @@
variable "ibmcloud_api_key" {
type = string
description = "The IBM Cloud API Key"
sensitive = true
}

variable "prefix" {
type = string
description = "Prefix to append to all resources created by this example"
}

variable "region" {
description = "Name of the Region to deploy into"
type = string
}

variable "resource_group" {
type = string
description = "An existing resource group name to use for this example, if unset a new resource group will be created"
default = null
}

variable "resource_tags" {
type = list(string)
description = "Optional list of tags to be added to created resources"
default = []
}

##############################################################
# CBR
##############################################################

variable "zone_description" {
type = string
description = "(Optional, String) The description of the zone"
default = "Zone from automation"
}
11 changes: 11 additions & 0 deletions examples/update-existing-zone-addresses/version.tf
@@ -0,0 +1,11 @@
terraform {
required_version = ">= 1.3.0"
required_providers {
# Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
# module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
ibm = {
source = "IBM-Cloud/ibm"
version = "1.69.0"
}
}
}
10 changes: 5 additions & 5 deletions examples/zone/outputs.tf
@@ -19,25 +19,25 @@ output "account_id" {

output "zone_name" {
value = module.ibm_cbr_zone.zone_names
description = "cbr_zone resource instance name"
description = "cbr_zone name"
}

output "zone_description" {
value = module.ibm_cbr_zone.zone_description
description = "cbr_zone resource instance description"
description = "cbr_zone description"
}

output "zone_id" {
value = module.ibm_cbr_zone.zone_id
description = "cbr_zone resource instance id"
description = "cbr_zone id"
}

output "zone_crn" {
value = module.ibm_cbr_zone.zone_crn
description = "cbr_zone resource instance crn"
description = "cbr_zone crn"
}

output "zone_href" {
value = module.ibm_cbr_zone.zone_href
description = "cbr_zone resource instance href"
description = "cbr_zone href"
}
2 changes: 1 addition & 1 deletion examples/zone/version.tf
@@ -5,7 +5,7 @@ terraform {
# module's version.tf (zone or multi zone rule), and 1 example that will always use the latest provider version (fscloud multi service profile and multi resource rule).
ibm = {
source = "IBM-Cloud/ibm"
version = "1.65.0"
version = "1.69.0"
}
}
}