refactor locals (#382)

Ludovico Magnocavallo 2021-12-07 19:26:24 +01:00 committed by GitHub
parent 6315410642
commit fcc8741cd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 101 additions and 104 deletions


@ -171,7 +171,7 @@ module "vpc" {
```
### Subnet Factory
The `net-vpc` module includes a subnet factory (see [Resource Factories](../../factories/)) for the massive creation of subnets leveraging one configuration file per subnet.
The `net-vpc` module includes a subnet factory (see [Resource Factories](../../factories/)) for the massive creation of subnets leveraging one configuration file per subnet.
```hcl
@ -186,17 +186,20 @@ module "vpc" {
```yaml
# ./config/subnets/subnet-name.yaml
region: europe-west1 # Region where the subnet will be creted
description: Sample description # Description
ip_cidr_range: 10.0.0.0/24 # Primary IP range for the subnet
private_ip_google_access: false # Opt- Enables PGA. Defaults to true
iam_users: ["foobar@example.com"] # Opt- Users to grant compute/networkUser to
iam_groups: ["lorem@example.com"] # Opt- Groups to grant compute/networkUser to
iam_service_accounts: ["foobar@project-id.iam.gserviceaccount.com"]
# Opt- SAs to grant compute/networkUser to
secondary_ip_ranges: # Opt- List of secondary IP ranges
- secondary-range-a: 192.168.0.0/24
# Secondary ranges in name: cidr format
region: europe-west1
description: Sample description
ip_cidr_range: 10.0.0.0/24
# optional attributes
private_ip_google_access: false # defaults to true
iam_users: ["foobar@example.com"] # grant compute/networkUser to users
iam_groups: ["lorem@example.com"] # grant compute/networkUser to groups
iam_service_accounts: ["fbz@prj.iam.gserviceaccount.com"]
secondary_ip_ranges: # map of secondary ip ranges
- secondary-range-a: 192.168.0.0/24
flow_logs: # enable, set to empty map to use defaults
- aggregation_interval: "INTERVAL_5_SEC"
- flow_sampling: 0.5
- metadata: "INCLUDE_ALL_METADATA"
```
<!-- BEGIN TFDOC -->


@ -15,86 +15,17 @@
*/
locals {
log_configs = var.log_configs == null ? {} : var.log_configs
peer_network = (
var.peering_config == null
? null
: element(reverse(split("/", var.peering_config.peer_vpc_self_link)), 0)
)
routes = var.routes == null ? {} : var.routes
routes_gateway = {
for name, data in local.routes :
name => data if data.next_hop_type == "gateway"
}
routes_ilb = {
for name, data in local.routes :
name => data if data.next_hop_type == "ilb"
}
routes_instance = {
for name, data in local.routes :
name => data if data.next_hop_type == "instance"
}
routes_ip = {
for name, data in local.routes :
name => data if data.next_hop_type == "ip"
}
routes_vpn_tunnel = {
for name, data in local.routes :
name => data if data.next_hop_type == "vpn_tunnel"
}
subnet_log_configs = {
for name, attrs in { for s in local.subnets : format("%s/%s", s.region, s.name) => s } : name => (
lookup(var.subnet_flow_logs, name, false)
? [{
for key, value in var.log_config_defaults : key => lookup(
lookup(local.log_configs, name, {}), key, value
)
}]
: []
)
}
subnets = merge({
for subnet in var.subnets :
"${subnet.region}/${subnet.name}" => subnet
}, local.subnet_data)
subnets_l7ilb = {
for subnet in var.subnets_l7ilb :
"${subnet.region}/${subnet.name}" => subnet
}
network = (
var.vpc_create
? try(google_compute_network.network.0, null)
: try(data.google_compute_network.network.0, null)
)
_subnet_data = var.data_folder == null ? {} : {
_factory_data = var.data_folder == null ? {} : {
for f in fileset(var.data_folder, "**/*.yaml") :
trimsuffix(basename(f), ".yaml") => yamldecode(file("${var.data_folder}/${f}"))
}
subnet_data = {
for k, v in local._subnet_data : "${v.region}/${k}" => {
ip_cidr_range = v.ip_cidr_range
name = k
region = v.region
secondary_ip_range = try(v.secondary_ip_range, [])
}
_factory_descriptions = {
for k, v in local._factory_data :
"${v.region}/${k}" => try(v.description, null)
}
subnet_data_descriptions = {
for k, v in local._subnet_data : "${v.region}/${k}" => try(v.description, null)
}
subnet_descriptions = merge(var.subnet_descriptions, local.subnet_data_descriptions)
subnet_data_private_access = {
for k, v in local._subnet_data : "${v.region}/${k}" => try(v.private_ip_google_access, true)
}
subnet_private_access = merge(var.subnet_private_access, local.subnet_data_private_access)
iam_members = var.iam == null ? {} : var.iam
subnet_data_iam_members = [
for k, v in local._subnet_data : {
subnet = "${v.region}/${k}"
_factory_iam_members = [
for k, v in local._factory_subnets : {
subnet = k
role = "roles/compute.networkUser"
members = concat(
formatlist("group:%s", try(v.iam_groups, [])),
@ -103,16 +34,77 @@ locals {
)
}
]
subnet_iam_members = concat(local.subnet_data_iam_members, flatten([
for subnet, roles in local.iam_members : [
_factory_flow_logs = {
for k, v in local._factory_data : "${v.region}/${k}" => merge(
var.log_config_defaults, try(v.flow_logs, {})
) if try(v.flow_logs, false)
}
_factory_private_access = {
for k, v in local._factory_data : "${v.region}/${k}" => try(
v.private_ip_google_access, true
)
}
_factory_subnets = {
for k, v in local._factory_data : "${v.region}/${k}" => {
ip_cidr_range = v.ip_cidr_range
name = k
region = v.region
secondary_ip_range = try(v.secondary_ip_range, [])
}
}
_iam = var.iam == null ? {} : var.iam
_routes = var.routes == null ? {} : var.routes
_subnet_flow_logs = {
for k, v in var.subnet_flow_logs : k => merge(
var.log_config_defaults, try(var.log_configs[k], {})
)
}
_subnet_iam_members = flatten([
for subnet, roles in local._iam : [
for role, members in roles : {
subnet = subnet
role = role
members = members
role = role
subnet = subnet
}
]
]))
])
network = (
var.vpc_create
? try(google_compute_network.network.0, null)
: try(data.google_compute_network.network.0, null)
)
peer_network = (
var.peering_config == null
? null
: element(reverse(split("/", var.peering_config.peer_vpc_self_link)), 0)
)
routes = {
gateway = { for k, v in local._routes : k => v if v.next_hop_type == "gateway" }
ilb = { for k, v in local._routes : k => v if v.next_hop_type == "ilb" }
instance = { for k, v in local._routes : k => v if v.next_hop_type == "instance" }
ip = { for k, v in local._routes : k => v if v.next_hop_type == "ip" }
vpn_tunnel = { for k, v in local._routes : k => v if v.next_hop_type == "vpn_tunnel" }
}
subnet_descriptions = merge(
local._factory_descriptions, var.subnet_descriptions
)
subnet_iam_members = concat(
local._factory_iam_members, local._subnet_iam_members
)
subnet_flow_logs = merge(
local._factory_flow_logs, local._subnet_flow_logs
)
subnet_private_access = merge(
local._factory_private_access, var.subnet_private_access
)
subnets = merge(
{ for subnet in var.subnets : "${subnet.region}/${subnet.name}" => subnet },
local._factory_subnets
)
subnets_l7ilb = {
for subnet in var.subnets_l7ilb :
"${subnet.region}/${subnet.name}" => subnet
}
}
data "google_compute_network" "network" {
@ -182,15 +174,17 @@ resource "google_compute_subnetwork" "subnetwork" {
{ range_name = name, ip_cidr_range = range }
]
description = lookup(
local.subnet_descriptions,
"${each.value.region}/${each.value.name}",
"Terraform-managed."
local.subnet_descriptions, each.key, "Terraform-managed."
)
private_ip_google_access = lookup(
local.subnet_private_access, "${each.value.region}/${each.value.name}", true
local.subnet_private_access, each.key, true
)
dynamic "log_config" {
for_each = local.subnet_log_configs["${each.value.region}/${each.value.name}"]
for_each = toset(
try(local.subnet_flow_logs[each.key], {}) != {}
? [local.subnet_flow_logs[each.key]]
: []
)
iterator = config
content {
aggregation_interval = config.value.aggregation_interval
@ -232,7 +226,7 @@ resource "google_compute_subnetwork_iam_binding" "binding" {
}
resource "google_compute_route" "gateway" {
for_each = local.routes_gateway
for_each = local.routes.gateway
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
@ -244,7 +238,7 @@ resource "google_compute_route" "gateway" {
}
resource "google_compute_route" "ilb" {
for_each = local.routes_ilb
for_each = local.routes.ilb
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
@ -256,7 +250,7 @@ resource "google_compute_route" "ilb" {
}
resource "google_compute_route" "instance" {
for_each = local.routes_instance
for_each = local.routes.instance
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
@ -270,7 +264,7 @@ resource "google_compute_route" "instance" {
}
resource "google_compute_route" "ip" {
for_each = local.routes_ip
for_each = local.routes.ip
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
@ -282,7 +276,7 @@ resource "google_compute_route" "ip" {
}
resource "google_compute_route" "vpn_tunnel" {
for_each = local.routes_vpn_tunnel
for_each = local.routes.vpn_tunnel
project = var.project_id
network = local.network.name
name = "${var.name}-${each.key}"
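Review bot: In the locals hunk, the filter on `_factory_flow_logs` (`if try(v.flow_logs, false)`) is not a boolean when a factory YAML sets `flow_logs` to a map, which is the shape the README promises ("set to empty map to use defaults") and the shape `merge(var.log_config_defaults, try(v.flow_logs, {}))` on the line above requires, so a factory subnet that opts into flow logs is expected to fail the plan with a non-bool condition; `if try(v.flow_logs, null) != null` keeps the intent and type-checks. Relatedly, `_subnet_flow_logs` drops the old `lookup(var.subnet_flow_logs, name, false)` test and never reads `v`, so a `"region/name" = false` entry now enables logging for that subnet; `k => merge(...) if v` restores the per-subnet boolean semantics. Also note that `_factory_subnets` reads `v.secondary_ip_range` while the README example documents `secondary_ip_ranges`, and the `try(..., [])` fallback means the mismatched key silently yields a subnet with no secondary ranges instead of an error, which is worth either aligning or turning into a hard failure. The `vpn_tunnel` route resource at the end of the section continues outside the hunk.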