Merge pull request #64 from drewmullen/contig-block

tbulding · web-flow · commit 61492435ba70 · 2023-10-31T09:29:48.000-05:00
add option for contig blocks
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@
 *.tfstate
 *.tfstate.*
 terraform.tfvars
+.terraform
 
 # Crash log files
 crash.log
diff --git a/README.md b/README.md
@@ -146,18 +146,22 @@ The IPAM `operating_region` variable must be set for the primary Region in your
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_top_cidr"></a> [top\_cidr](#input\_top\_cidr) | Top-level CIDR blocks. | `list(string)` | n/a | yes |
 | <a name="input_address_family"></a> [address\_family](#input\_address\_family) | IPv4/6 address family. | `string` | `"ipv4"` | no |
 | <a name="input_create_ipam"></a> [create\_ipam](#input\_create\_ipam) | Determines whether to create an IPAM. If `false`, you must also provide a var.ipam\_scope\_id. | `bool` | `true` | no |
 | <a name="input_ipam_scope_id"></a> [ipam\_scope\_id](#input\_ipam\_scope\_id) | (Optional) Required if `var.ipam_id` is set. Determines which scope to deploy pools into. | `string` | `null` | no |
 | <a name="input_ipam_scope_type"></a> [ipam\_scope\_type](#input\_ipam\_scope\_type) | Which scope type to use. Valid inputs include `public` or `private`. You can alternatively provide your own scope ID. | `string` | `"private"` | no |
 | <a name="input_pool_configurations"></a> [pool\_configurations](#input\_pool\_configurations) | A multi-level, nested map describing nested IPAM pools. Can nest up to three levels with the top level being outside the `pool_configurations` in vars prefixed `top_`. If arugument descriptions are omitted, you can find them in the [official documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool#argument-reference).<br><br>- `ram_share_principals` = (optional, list(string)) of valid organization principals to create ram shares to.<br>- `name`                 = (optional, string) name to give the pool, the key of your map in var.pool\_configurations will be used if omitted.<br>- `description`          = (optional, string) description to give the pool, the key of your map in var.pool\_configurations will be used if omitted.<br>- `cidr`                 = (optional, list(string)) list of CIDRs to provision into pool. Conflicts with `netmask_length`.<br>- `netmask_length`       = (optional, number) netmask length to request provisioned into pool. Conflicts with `cidr`.<br><br>- `locale`      = (optional, string) locale to set for pool.<br>- `auto_import` = (optional, string)<br>- `tags`        = (optional, map(string))<br>- `allocation_default_netmask_length` = (optional, string)<br>- `allocation_max_netmask_length`     = (optional, string)<br>- `allocation_min_netmask_length`     = (optional, string)<br>- `allocation_resource_tags`          = (optional, map(string))<br><br>The following arguments are available but only relevant for public ips<br>- `cidr_authorization_context` = (optional, map(string)) Details found in [official documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr#cidr_authorization_context).<br>- `aws_service`                = (optional, string)<br>- `publicly_advertisable`      = (optional, bool)<br><br>- `sub_pools` = (nested repeats of pool\_configuration object above) | `any` | `{}` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to the aws\_vpc\_ipam resource. | `any` | `{}` | no |
 | <a name="input_top_auto_import"></a> [top\_auto\_import](#input\_top\_auto\_import) | `auto_import` setting for top-level pool. | `bool` | `null` | no |
+| <a name="input_top_aws_service"></a> [top\_aws\_service](#input\_top\_aws\_service) | AWS service, for usage with public IPs. Valid values "ec2". | `string` | `null` | no |
+| <a name="input_top_cidr"></a> [top\_cidr](#input\_top\_cidr) | Top-level CIDR blocks. | `list(string)` | `null` | no |
 | <a name="input_top_cidr_authorization_contexts"></a> [top\_cidr\_authorization\_contexts](#input\_top\_cidr\_authorization\_contexts) | CIDR must match a CIDR defined in `var.top_cidr`. A list of signed documents that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. Document is not stored in the state file. For more information, refer to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr#cidr_authorization_context. | <pre>list(object({<br>    cidr      = string<br>    message   = string<br>    signature = string<br>  }))</pre> | `[]` | no |
 | <a name="input_top_description"></a> [top\_description](#input\_top\_description) | Description of top-level pool. | `string` | `""` | no |
+| <a name="input_top_locale"></a> [top\_locale](#input\_top\_locale) | locale of the top-level pool. Do not use this value unless building an ipv6 contiguous block pool. You will have to instantiate the module for each operating region you want a pool structure in. | `string` | `null` | no |
 | <a name="input_top_name"></a> [top\_name](#input\_top\_name) | Name of top-level pool. | `string` | `null` | no |
 | <a name="input_top_netmask_length"></a> [top\_netmask\_length](#input\_top\_netmask\_length) | Top-level netmask length to request. Not possible to use for IPv4. Only possible to use with amazon provided ipv6. | `number` | `null` | no |
+| <a name="input_top_public_ip_source"></a> [top\_public\_ip\_source](#input\_top\_public\_ip\_source) | public IP source for usage with public IPs. Valid values "amazon" or "byoip". | `string` | `null` | no |
+| <a name="input_top_publicly_advertisable"></a> [top\_publicly\_advertisable](#input\_top\_publicly\_advertisable) | Whether or not the top-level pool is publicly advertisable. | `bool` | `null` | no |
 | <a name="input_top_ram_share_principals"></a> [top\_ram\_share\_principals](#input\_top\_ram\_share\_principals) | Principals to create RAM shares for top-level pool. | `list(string)` | `null` | no |
 
 ## Outputs
diff --git a/examples/contiguous_block_ipv6/main.tf b/examples/contiguous_block_ipv6/main.tf
@@ -0,0 +1,35 @@
+module "ipv6_contiguous" {
+  # source  = "aws-ia/ipam/aws"
+  source = "../.."
+
+  top_cidr                  = null
+  top_netmask_length        = "52"
+  address_family            = "ipv6"
+  ipam_scope_type           = "public"
+  top_aws_service           = "ec2"
+  top_publicly_advertisable = false
+  top_public_ip_source      = "amazon"
+  top_locale                = "us-east-1"
+
+  pool_configurations = {
+    us-east-1 = {
+      name                  = "ipv6 us-east-1"
+      description           = "pool for ipv6 us-east-1"
+      netmask_length        = "55"
+      locale                = "us-east-1"
+      aws_service           = "ec2"
+      publicly_advertisable = false
+      public_ip_source      = "amazon"
+
+      sub_pools = {
+        team_a = {
+          name                  = "team_a"
+          netmask_length        = "56"
+          aws_service           = "ec2"
+          publicly_advertisable = false
+          public_ip_source      = "amazon"
+        }
+      }
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -49,10 +49,15 @@ module "level_zero" {
   cidr_authorization_contexts = var.top_cidr_authorization_contexts
 
   pool_config = {
-    cidr                 = var.top_cidr
-    ram_share_principals = var.top_ram_share_principals
-    auto_import          = var.top_auto_import
-    description          = var.top_description
+    cidr                  = var.top_cidr
+    ram_share_principals  = var.top_ram_share_principals
+    auto_import           = var.top_auto_import
+    description           = var.top_description
+    public_ip_source      = var.top_public_ip_source
+    publicly_advertisable = var.top_publicly_advertisable
+    aws_service           = var.top_aws_service
+    locale                = var.top_locale
+
 
     name           = var.top_name
     netmask_length = var.top_netmask_length
diff --git a/modules/sub_pool/README.md b/modules/sub_pool/README.md
@@ -32,7 +32,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_address_family"></a> [address\_family](#input\_address\_family) | IPv4/6 address family. | `string` | n/a | yes |
 | <a name="input_ipam_scope_id"></a> [ipam\_scope\_id](#input\_ipam\_scope\_id) | IPAM Scope ID to attach the pool to. | `string` | n/a | yes |
-| <a name="input_pool_config"></a> [pool\_config](#input\_pool\_config) | Configuration of the Pool you want to deploy. All aws\_vpc\_ipam\_pool arguments are available as well as ram\_share\_principals list and sub\_pools map (up to 3 levels). | <pre>object({<br>    cidr                 = optional(list(string))<br>    ram_share_principals = optional(list(string))<br><br>    locale                            = optional(string)<br>    allocation_default_netmask_length = optional(string)<br>    allocation_max_netmask_length     = optional(string)<br>    allocation_min_netmask_length     = optional(string)<br>    auto_import                       = optional(string)<br>    aws_service                       = optional(string)<br>    description                       = optional(string)<br>    name                              = optional(string)<br>    netmask_length                    = optional(number)<br>    publicly_advertisable             = optional(bool)<br><br>    allocation_resource_tags = optional(map(string))<br>    tags                     = optional(map(string))<br><br>    sub_pools = optional(any)<br>  })</pre> | n/a | yes |
+| <a name="input_pool_config"></a> [pool\_config](#input\_pool\_config) | Configuration of the Pool you want to deploy. All aws\_vpc\_ipam\_pool arguments are available as well as ram\_share\_principals list and sub\_pools map (up to 3 levels). | <pre>object({<br>    cidr                 = optional(list(string))<br>    ram_share_principals = optional(list(string))<br><br>    locale                            = optional(string)<br>    allocation_default_netmask_length = optional(string)<br>    allocation_max_netmask_length     = optional(string)<br>    allocation_min_netmask_length     = optional(string)<br>    auto_import                       = optional(string)<br>    aws_service                       = optional(string)<br>    description                       = optional(string)<br>    name                              = optional(string)<br>    netmask_length                    = optional(number)<br>    publicly_advertisable             = optional(bool)<br>    public_ip_source                  = optional(string)<br><br>    allocation_resource_tags = optional(map(string))<br>    tags                     = optional(map(string))<br><br>    sub_pools = optional(any)<br>  })</pre> | n/a | yes |
 | <a name="input_source_ipam_pool_id"></a> [source\_ipam\_pool\_id](#input\_source\_ipam\_pool\_id) | IPAM parent pool ID to attach the pool to. | `string` | n/a | yes |
 | <a name="input_cidr_authorization_contexts"></a> [cidr\_authorization\_contexts](#input\_cidr\_authorization\_contexts) | A list of signed documents that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. Document is not stored in the state file. For more information, refer to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr#cidr_authorization_context. | <pre>list(object({<br>    cidr      = string<br>    message   = string<br>    signature = string<br>  }))</pre> | `[]` | no |
 | <a name="input_implied_description"></a> [implied\_description](#input\_implied\_description) | Description is implied from the pool tree name <parent>/<child> unless specified on the pool\_config. | `string` | `null` | no |
diff --git a/modules/sub_pool/main.tf b/modules/sub_pool/main.tf
@@ -30,6 +30,7 @@ resource "aws_vpc_ipam_pool" "sub" {
   auto_import                       = var.pool_config.auto_import
   aws_service                       = var.pool_config.aws_service
   publicly_advertisable             = var.pool_config.publicly_advertisable
+  public_ip_source                  = var.pool_config.public_ip_source
 
   tags = local.tags
 }
diff --git a/modules/sub_pool/variables.tf b/modules/sub_pool/variables.tf
@@ -14,6 +14,7 @@ variable "pool_config" {
     name                              = optional(string)
     netmask_length                    = optional(number)
     publicly_advertisable             = optional(bool)
+    public_ip_source                  = optional(string)
 
     allocation_resource_tags = optional(map(string))
     tags                     = optional(map(string))
diff --git a/variables.tf b/variables.tf
@@ -30,6 +30,7 @@ EOF
 variable "top_cidr" {
   description = "Top-level CIDR blocks."
   type        = list(string)
+  default     = null
 }
 
 variable "top_netmask_length" {
@@ -72,6 +73,29 @@ variable "top_cidr_authorization_contexts" {
   default = []
 }
 
+variable "top_public_ip_source" {
+  description = "public IP source for usage with public IPs. Valid values \"amazon\" or \"byoip\"."
+  type        = string
+  default     = null
+}
+
+variable "top_publicly_advertisable" {
+  description = "Whether or not the top-level pool is publicly advertisable."
+  type        = bool
+  default     = null
+}
+
+variable "top_aws_service" {
+  description = "AWS service, for usage with public IPs. Valid values \"ec2\"."
+  type        = string
+  default     = null
+}
+
+variable "top_locale" {
+  description = "locale of the top-level pool. Do not use this value unless building an ipv6 contiguous block pool. You will have to instantiate the module for each operating region you want a pool structure in."
+  type        = string
+  default     = null
+}
 
 variable "address_family" {
   description = "IPv4/6 address family."

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ resource "aws_vpc_ipam_pool" "sub" {`
`30`	`30`	`auto_import = var.pool_config.auto_import`
`31`	`31`	`aws_service = var.pool_config.aws_service`
`32`	`32`	`publicly_advertisable = var.pool_config.publicly_advertisable`
	`33`	`+ public_ip_source = var.pool_config.public_ip_source`
`33`	`34`
`34`	`35`	`tags = local.tags`
`35`	`36`	`}`