From 9a7f145b37f42f7a223f0cebd9819fcf5b1d5887 Mon Sep 17 00:00:00 2001
From: Vivek Goyal
Date: Mon, 12 Sep 2022 08:47:48 -0700
Subject: [PATCH 1/6] Fix for the issue #84 and issue #85
---
 data.tf | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/data.tf b/data.tf
index cb76324..664277e 100644
--- a/data.tf
+++ b/data.tf
@@ -25,7 +25,7 @@ locals {
 # constructed list of /az
 private_per_az = flatten([for az in local.azs : [for subnet in local.private_subnet_names : "${subnet}/${az}"]])
 # list of private subnet keys with connect_to_public_natgw = true
- private_subnets_nat_routed = [for type in local.private_subnet_names : type if can(var.subnets[type].connect_to_public_natgw)]
+ private_subnets_nat_routed = [for type in local.private_subnet_names : type if try(var.subnets[type].connect_to_public_natgw == true, false)]
 # private subnets with cidrs per az if connect_to_public_natgw = true ... "privatetwo/us-east-1a"
 private_subnet_names_nat_routed = [for subnet in local.private_per_az : subnet if contains(local.private_subnets_nat_routed, split("/", subnet)[0])]
@@ -42,16 +42,19 @@ locals {
 "single_az" = [local.azs[0]]
 "none" = [] # explicit "none" or omitted
 }
+ nat_gateway_configuration = try(length(var.subnets.public.nat_gateway_configuration), 0) != 0 ? var.subnets.public.nat_gateway_configuration : "none"
+
 # if public subnets being built, check how many nats to create
 # options defined by `local.nat_options`
 # nat_configuration is a list of az names where a nat should be created
- nat_configuration = contains(local.subnet_keys, "public") ? local.nat_options[try(var.subnets.public.nat_gateway_configuration, "none")] : local.nat_options["none"]
+ nat_configuration = contains(local.subnet_keys, "public") ? local.nat_options[local.nat_gateway_configuration] : local.nat_options["none"]
 # used to reference which nat gateway id should be used in route
 nat_per_az = (contains(local.subnet_keys, "public") && !var.vpc_secondary_cidr) ? (
 # map of az : { id = }, ex: { "us-east-1a" : { "id": "nat-123" }}
- { for az in local.azs : az => { id : try(aws_nat_gateway.main[az].id, aws_nat_gateway.main[local.nat_configuration[0]].id) } }
- ) : (
+ { for az in local.azs : az => {
+ id : try(aws_nat_gateway.main[az].id, aws_nat_gateway.main[local.nat_configuration[0]].id) } if local.nat_gateway_configuration != "none"
+ }) : (
 var.vpc_secondary_cidr ? var.vpc_secondary_cidr_natgw : {}
 )
From 020441217501f879fddbf830785a2518bd19d064 Mon Sep 17 00:00:00 2001
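Review bot: `local.nat_options[local.nat_gateway_configuration]` in the new `nat_configuration` line indexes the map with whatever string the caller put in `subnets.public.nat_gateway_configuration`, so a typo such as `"single-az"` fails at plan time with a generic invalid-index error rather than a message naming the three accepted values; a `validation` block on `var.subnets` (or a `precondition` on the NAT gateway resource) checking `contains(keys(local.nat_options), local.nat_gateway_configuration)` would make that explicit. With the new `if local.nat_gateway_configuration != "none"` filter `nat_per_az` becomes an empty map, while `private_subnet_names_nat_routed` from the hunk above can still be non-empty when a private subnet sets `connect_to_public_natgw = true`; whatever consumes `nat_per_az[az].id` for those routes is outside this hunk, so it is worth confirming that combination yields a clear error rather than a bare key-lookup failure. The `try(length(...), 0) != 0 ? ... : "none"` expression could also be written as `coalesce(try(var.subnets.public.nat_gateway_configuration, null), "none")`, which states the intent (absent or empty falls back to none) directly. The enclosing `locals` block starts and ends outside the hunk.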
From: Vivek Goyal
Date: Mon, 12 Sep 2022 17:49:35 -0700
Subject: [PATCH 2/6] added terratest for the NAT GW routes testing
---
 examples/nat_gw_routes/.header.md | 6 +++
 examples/nat_gw_routes/README.md | 0
 examples/nat_gw_routes/main.tf | 38 +++++++++++++
 examples/nat_gw_routes/outputs.tf | 21 ++++++++
 examples/nat_gw_routes/variables.tf | 9 ++++
 test/examples_nat_gw_routes.go | 84 +++++++++++++++++++++++++++++
 6 files changed, 158 insertions(+)
 create mode 100644 examples/nat_gw_routes/.header.md
 create mode 100644 examples/nat_gw_routes/README.md
 create mode 100644 examples/nat_gw_routes/main.tf
 create mode 100644 examples/nat_gw_routes/outputs.tf
 create mode 100644 examples/nat_gw_routes/variables.tf
 create mode 100644 test/examples_nat_gw_routes.go
diff --git a/examples/nat_gw_routes/.header.md b/examples/nat_gw_routes/.header.md
new file mode 100644
index 0000000..bd57c6a
--- /dev/null
+++ b/examples/nat_gw_routes/.header.md
@@ -0,0 +1,6 @@
+# NAT Gateway Options
+
+This example builds a VPC with public and private subnets in 2 availability zones.
+It creates NAT GW in public subnet with either "none", "single_az" or "all_azs" option.
+It creates routes from private subnets to NAT GW if `connect_to_public_natgw` is true otherwise no route is created.
+It creates an internet gateway and appropriately routes subnet traffic from "0.0.0.0/0" to the IGW.
diff --git a/examples/nat_gw_routes/README.md b/examples/nat_gw_routes/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/examples/nat_gw_routes/main.tf b/examples/nat_gw_routes/main.tf
new file mode 100644
index 0000000..0f0a260
--- /dev/null
+++ b/examples/nat_gw_routes/main.tf
@@ -0,0 +1,38 @@
+module "nat_gw_vpc" {
+ source = "aws-ia/vpc/aws"
+ version = ">= 2.4.0"
+
+ name = "nat-gw-options-vpc"
+ cidr_block = "10.51.0.0/16"
+ az_count = 2
+
+ subnets = {
+ public = {
+ name_prefix = "public" # omit to prefix with "public"
+ cidrs = ["10.51.0.0/24", "10.51.1.0/24"]
+ nat_gateway_configuration = var.nat_gateway_configuration
+ tags = {
+ "tier" = "web"
+ }
+ }
+ app = {
+ name_prefix = "app"
+ cidrs = ["10.51.21.0/24", "10.51.22.0/24"]
+ connect_to_public_natgw = var.route_to_nw
+ tags = {
+ "tier" = "app"
+ }
+ db = {
+ name_prefix = "db"
+ cidrs = ["10.51.31.0/24", "10.51.32.0/24"]
+ connect_to_public_natgw = var.route_to_nw
+ tags = {
+ "tier" = "database"
+ }
+ }
+ }
+ tags = {
+ "app" = "test"
+ }
+}
+
diff --git a/examples/nat_gw_routes/outputs.tf b/examples/nat_gw_routes/outputs.tf
new file mode 100644
index 0000000..6fd3148
--- /dev/null
+++ b/examples/nat_gw_routes/outputs.tf
@@ -0,0 +1,21 @@
+output "private_subnet_attributes_by_az" {
+ description = "Map of all private subnets containing their attributes."
+ value = module.shared_services_vpc.private_subnet_attributes_by_az
+
+}
+
+output "public_subnet_attributes_by_az" {
+ description = "Map of all public subnets containing their attributes."
+ value = module.shared_services_vpc.public_subnet_attributes_by_az
+
+}
+
+output "rt_attributes_by_type_by_az" {
+ description = "Map of route tables by type => az => route table attributes."
+ value = module.shared_services_vpc.rt_attributes_by_type_by_az
+}
+
+output "nat_gateway_attributes_by_az" {
+ description = "Map of nat gateway resource attributes by AZ."
+ value = module.shared_services_vpc.nat_gateway_attributes_by_az
+}
diff --git a/examples/nat_gw_routes/variables.tf b/examples/nat_gw_routes/variables.tf
new file mode 100644
index 0000000..47f56db
--- /dev/null
+++ b/examples/nat_gw_routes/variables.tf
@@ -0,0 +1,9 @@
+variable "nat_gateway_configuration" {
+ description = "all_azs, single_az, or none"
+ type = string
+}
+
+variable "route_to_nw" {
+ description = "Tags for the public subnets"
+ type = bool
+}
diff --git a/test/examples_nat_gw_routes.go b/test/examples_nat_gw_routes.go
new file mode 100644
index 0000000..d607d74
--- /dev/null
+++ b/test/examples_nat_gw_routes.go
@@ -0,0 +1,84 @@
+package test
+
+import (
+ "testing"
+
+ "github.com/gruntwork-io/terratest/modules/terraform"
+ "github.com/likexian/gokit/assert"
+)
+
+
+func TestExamplesNATGWRoutesNoNATGWNoRoute(t *testing.T) {
+
+ terraformOptions := &terraform.Options{
+ TerraformDir: "../examples/nat_gw_routes",
+ Vars: map[string]interface{}{
+ "nat_gateway_configuration" : "none"
+ "route_to_nw" : false
+ }
+ }
+
+ defer terraform.Destroy(t, terraformOptions)
+ terraform.InitAndApply(t, terraformOptions)
+ terraform.ApplyAndIdempotent(t, terraformOptions)
+}
+
+func TestExamplesNATGWRoutesSingleAZNATGWNoRoute(t *testing.T) {
+
+ terraformOptions := &terraform.Options{
+ TerraformDir: "../examples/nat_gw_routes",
+ Vars: map[string]interface{}{
+ "nat_gateway_configuration" : "single_az"
+ "route_to_nw" : false
+ }
+ }
+
+ defer terraform.Destroy(t, terraformOptions)
+ terraform.InitAndApply(t, terraformOptions)
+ terraform.ApplyAndIdempotent(t, terraformOptions)
+}
+
+func TestExamplesNATGWRoutesAllAZsNATGWNoRoute(t *testing.T) {
+
+ terraformOptions := &terraform.Options{
+ TerraformDir: "../examples/nat_gw_routes",
+ Vars: map[string]interface{}{
+ "nat_gateway_configuration" : "all_azs"
+ "route_to_nw" : false
+ }
+ }
+
+ defer terraform.Destroy(t, terraformOptions)
+ terraform.InitAndApply(t, terraformOptions)
+ terraform.ApplyAndIdempotent(t, terraformOptions)
+}
+
+func TestExamplesNATGWRoutesSingleAZNATGWWithRoute(t *testing.T) {
+
+ terraformOptions := &terraform.Options{
+ TerraformDir: "../examples/nat_gw_routes",
+ Vars: map[string]interface{}{
+ "nat_gateway_configuration" : "single_az"
+ "route_to_nw" : true
+ }
+ }
+
+ defer terraform.Destroy(t, terraformOptions)
+ terraform.InitAndApply(t, terraformOptions)
+ terraform.ApplyAndIdempotent(t, terraformOptions)
+}
+
+func TestExamplesNATGWRoutesAllAZsNATGWWithRoute(t *testing.T) {
+
+ terraformOptions := &terraform.Options{
+ TerraformDir: "../examples/nat_gw_routes",
+ Vars: map[string]interface{}{
+ "nat_gateway_configuration" : "all_azs"
+ "route_to_nw" : true
+ }
+ }
+
+ defer terraform.Destroy(t, terraformOptions)
+ terraform.InitAndApply(t, terraformOptions)
+ terraform.ApplyAndIdempotent(t, terraformOptions)
+}
From 1bbe4c049d23d62db8b6519cf8d42b05ed6b06a1 Mon Sep 17 00:00:00 2001
From: Vivek Goyal
Date: Mon, 12 Sep 2022 18:07:22 -0700
Subject: [PATCH 3/6] fixed the module for testing
---
 examples/nat_gw_routes/main.tf | 20 ++++++++++++--------
 examples/nat_gw_routes/outputs.tf | 8 ++++----
 examples/nat_gw_routes/variables.tf | 2 +-
 3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/examples/nat_gw_routes/main.tf b/examples/nat_gw_routes/main.tf
index 0f0a260..f01e073 100644
--- a/examples/nat_gw_routes/main.tf
+++ b/examples/nat_gw_routes/main.tf
@@ -1,38 +1,42 @@
 module "nat_gw_vpc" {
- source = "aws-ia/vpc/aws"
- version = ">= 2.4.0"
+ source = "../.."
 name = "nat-gw-options-vpc"
 cidr_block = "10.51.0.0/16"
 az_count = 2
 subnets = {
+
 public = {
 name_prefix = "public" # omit to prefix with "public"
- cidrs = ["10.51.0.0/24", "10.51.1.0/24"]
+ netmask = 24
 nat_gateway_configuration = var.nat_gateway_configuration
 tags = {
 "tier" = "web"
 }
 }
+
 app = {
 name_prefix = "app"
- cidrs = ["10.51.21.0/24", "10.51.22.0/24"]
+ netmask = 24
 connect_to_public_natgw = var.route_to_nw
 tags = {
 "tier" = "app"
 }
+ }
+
 db = {
 name_prefix = "db"
- cidrs = ["10.51.31.0/24", "10.51.32.0/24"]
+ netmask = 24
 connect_to_public_natgw = var.route_to_nw
 tags = {
 "tier" = "database"
 }
 }
+
 }
+
 tags = {
- "app" = "test"
- }
+ "app" = "test"
+ }
 }
-
diff --git a/examples/nat_gw_routes/outputs.tf b/examples/nat_gw_routes/outputs.tf
index 6fd3148..f276ced 100644
--- a/examples/nat_gw_routes/outputs.tf
+++ b/examples/nat_gw_routes/outputs.tf
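Review bot: None of the five tests in this file asserts the behaviour its name promises — after `terraform.ApplyAndIdempotent` nothing reads the fixture's outputs, so a regression that still creates NAT gateways under `"none"` or still adds a default route when `route_to_nw` is false (the case the #84/#85 fix targets) would pass unnoticed. At minimum read `nat_gateway_attributes_by_az` and check its size against the configuration, e.g. `natgws := terraform.OutputMapOfObjects(t, terraformOptions, "nat_gateway_attributes_by_az")` followed by `if len(natgws) != 0 { t.Fatalf("expected no NAT gateways, got %d", len(natgws)) }` in the `"none"` cases (0, 1 and 2 are the expected sizes for none, single_az and all_azs with the fixture's `az_count = 2`), and inspect the private route tables in `rt_attributes_by_type_by_az` for a `0.0.0.0/0` entry that exists only when `route_to_nw` is true — whether that output carries routes created by separate `aws_route` resources is not visible here and needs confirming against the module. As written the file also neither compiles nor gets collected: the `Vars` literals lack trailing commas, `assert` is imported but unused, and the file name does not end in `_test.go`. `InitAndApply` followed by `ApplyAndIdempotent` applies the fixture twice; `terraform.Init` plus `ApplyAndIdempotent` performs the same idempotency check with one apply.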
@@ -1,21 +1,21 @@
 output "private_subnet_attributes_by_az" {
 description = "Map of all private subnets containing their attributes."
- value = module.shared_services_vpc.private_subnet_attributes_by_az
+ value = module.nat_gw_vpc.private_subnet_attributes_by_az
 }
 output "public_subnet_attributes_by_az" {
 description = "Map of all public subnets containing their attributes."
- value = module.shared_services_vpc.public_subnet_attributes_by_az
+ value = module.nat_gw_vpc.public_subnet_attributes_by_az
 }
 output "rt_attributes_by_type_by_az" {
 description = "Map of route tables by type => az => route table attributes."
- value = module.shared_services_vpc.rt_attributes_by_type_by_az
+ value = module.nat_gw_vpc.rt_attributes_by_type_by_az
 }
 output "nat_gateway_attributes_by_az" {
 description = "Map of nat gateway resource attributes by AZ."
- value = module.shared_services_vpc.nat_gateway_attributes_by_az
+ value = module.nat_gw_vpc.nat_gateway_attributes_by_az
 }
diff --git a/examples/nat_gw_routes/variables.tf b/examples/nat_gw_routes/variables.tf
index 47f56db..f378236 100644
--- a/examples/nat_gw_routes/variables.tf
+++ b/examples/nat_gw_routes/variables.tf
@@ -4,6 +4,6 @@ variable "nat_gateway_configuration" {
 }
 variable "route_to_nw" {
- description = "Tags for the public subnets"
+ description = "Should route to NATGW be created?"
 type = bool
 }
From 8c0a8867a0d04b09701eacb3b3cef7ce4ccaf7dc Mon Sep 17 00:00:00 2001
From: Vivek Goyal
Date: Mon, 12 Sep 2022 18:56:07 -0700
Subject: [PATCH 4/6] Fixed format and added README.md
---
 examples/nat_gw_routes/README.md | 35 ++++++++++++++++++++++++++++++++
 examples/nat_gw_routes/main.tf | 2 +-
 2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/examples/nat_gw_routes/README.md b/examples/nat_gw_routes/README.md
index e69de29..f14bb42 100644
--- a/examples/nat_gw_routes/README.md
+++ b/examples/nat_gw_routes/README.md
@@ -0,0 +1,35 @@
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [nat\_gw\_vpc](#module\_nat\_gw\_vpc) | ../.. | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [nat\_gateway\_configuration](#input\_nat\_gateway\_configuration) | all\_azs, single\_az, or none | `string` | n/a | yes |
+| [route\_to\_nw](#input\_route\_to\_nw) | Should route to NATGW be created? | `bool` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [nat\_gateway\_attributes\_by\_az](#output\_nat\_gateway\_attributes\_by\_az) | Map of nat gateway resource attributes by AZ. |
+| [private\_subnet\_attributes\_by\_az](#output\_private\_subnet\_attributes\_by\_az) | Map of all private subnets containing their attributes. |
+| [public\_subnet\_attributes\_by\_az](#output\_public\_subnet\_attributes\_by\_az) | Map of all public subnets containing their attributes. |
+| [rt\_attributes\_by\_type\_by\_az](#output\_rt\_attributes\_by\_type\_by\_az) | Map of route tables by type => az => route table attributes. |
+
\ No newline at end of file
diff --git a/examples/nat_gw_routes/main.tf b/examples/nat_gw_routes/main.tf
index f01e073..9f184ee 100644
--- a/examples/nat_gw_routes/main.tf
+++ b/examples/nat_gw_routes/main.tf
@@ -1,5 +1,5 @@
 module "nat_gw_vpc" {
- source = "../.."
+ source = "../.."
 name = "nat-gw-options-vpc"
 cidr_block = "10.51.0.0/16"
From 90040a9be9d2ac637d8d0311dec4a0f070282f15 Mon Sep 17 00:00:00 2001
From: Vivek Goyal
Date: Mon, 12 Sep 2022 20:40:30 -0700
Subject: [PATCH 5/6] Verified new Terratest module
---
 ...utes.go => examples_nat_gw_routes_test.go} | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)
 rename test/{examples_nat_gw_routes.go => examples_nat_gw_routes_test.go} (81%)
diff --git a/test/examples_nat_gw_routes.go b/test/examples_nat_gw_routes_test.go
similarity index 81%
rename from test/examples_nat_gw_routes.go
rename to test/examples_nat_gw_routes_test.go
index d607d74..cbb8c78 100644
--- a/test/examples_nat_gw_routes.go
+++ b/test/examples_nat_gw_routes_test.go
@@ -4,7 +4,6 @@ import (
 "testing"
 "github.com/gruntwork-io/terratest/modules/terraform"
- "github.com/likexian/gokit/assert"
 )
@@ -13,9 +12,9 @@ func TestExamplesNATGWRoutesNoNATGWNoRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
 TerraformDir: "../examples/nat_gw_routes",
 Vars: map[string]interface{}{
- "nat_gateway_configuration" : "none"
- "route_to_nw" : false
- }
+ "nat_gateway_configuration" : "none",
+ "route_to_nw" : false,
+ },
 }
 defer terraform.Destroy(t, terraformOptions)
@@ -28,9 +27,9 @@ func TestExamplesNATGWRoutesSingleAZNATGWNoRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
 TerraformDir: "../examples/nat_gw_routes",
 Vars: map[string]interface{}{
- "nat_gateway_configuration" : "single_az"
- "route_to_nw" : false
- }
+ "nat_gateway_configuration" : "single_az",
+ "route_to_nw" : false,
+ },
 }
 defer terraform.Destroy(t, terraformOptions)
@@ -43,9 +42,9 @@ func TestExamplesNATGWRoutesAllAZsNATGWNoRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
 TerraformDir: "../examples/nat_gw_routes",
 Vars: map[string]interface{}{
- "nat_gateway_configuration" : "all_azs"
- "route_to_nw" : false
- }
+ "nat_gateway_configuration" : "all_azs",
+ "route_to_nw" : false,
+ },
 }
 defer terraform.Destroy(t, terraformOptions)
@@ -58,9 +57,9 @@ func TestExamplesNATGWRoutesSingleAZNATGWWithRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
 TerraformDir: "../examples/nat_gw_routes",
 Vars: map[string]interface{}{
- "nat_gateway_configuration" : "single_az"
- "route_to_nw" : true
- }
+ "nat_gateway_configuration" : "single_az",
+ "route_to_nw" : true,
+ },
 }
 defer terraform.Destroy(t, terraformOptions)
@@ -73,9 +72,9 @@ func TestExamplesNATGWRoutesAllAZsNATGWWithRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
 TerraformDir: "../examples/nat_gw_routes",
 Vars: map[string]interface{}{
- "nat_gateway_configuration" : "all_azs"
- "route_to_nw" : true
- }
+ "nat_gateway_configuration" : "all_azs",
+ "route_to_nw" : true,
+ },
 }
 defer terraform.Destroy(t, terraformOptions)
From a6702996c4028010bac0dd3f922cafa658a48953 Mon Sep 17 00:00:00 2001
From: Vivek Goyal
Date: Mon, 12 Sep 2022 21:08:35 -0700
Subject: [PATCH 6/6] re-structured the test/examples_nat_gw_routes_test.go
---
 test/examples_nat_gw_routes_test.go | 10 +++++-----
 .../hcl_fixtures}/nat_gw_routes/.header.md | 0
 .../hcl_fixtures}/nat_gw_routes/README.md | 0
 {examples => test/hcl_fixtures}/nat_gw_routes/main.tf | 2 +-
 .../hcl_fixtures}/nat_gw_routes/outputs.tf | 0
 .../hcl_fixtures}/nat_gw_routes/variables.tf | 0
 6 files changed, 6 insertions(+), 6 deletions(-)
 rename {examples => test/hcl_fixtures}/nat_gw_routes/.header.md (100%)
 rename {examples => test/hcl_fixtures}/nat_gw_routes/README.md (100%)
 rename {examples => test/hcl_fixtures}/nat_gw_routes/main.tf (97%)
 rename {examples => test/hcl_fixtures}/nat_gw_routes/outputs.tf (100%)
 rename {examples => test/hcl_fixtures}/nat_gw_routes/variables.tf (100%)
diff --git a/test/examples_nat_gw_routes_test.go b/test/examples_nat_gw_routes_test.go
index cbb8c78..0e46d31 100644
--- a/test/examples_nat_gw_routes_test.go
+++ b/test/examples_nat_gw_routes_test.go
@@ -10,7 +10,7 @@ import (
 func TestExamplesNATGWRoutesNoNATGWNoRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
- TerraformDir: "../examples/nat_gw_routes",
+ TerraformDir: "./hcl_fixtures/nat_gw_routes",
 Vars: map[string]interface{}{
 "nat_gateway_configuration" : "none",
 "route_to_nw" : false,
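Review bot: The `TerraformDir` hunks of this commit (this one at -10 and the ones at -25, -40, -55 and -70) edit the same string literal in five copies of one function body, which is why a fixture path change touches every test; hoist the path into a package-level const and fold the copies into one table-driven test with `t.Run` subtests so the next such change is a one-liner. The subtests must stay sequential (no `t.Parallel()`), because they share the fixture directory and the VPC name `nat-gw-options-vpc`, and each still needs its own `defer terraform.Destroy`. The rest of each function body (the `InitAndApply` / `ApplyAndIdempotent` calls) lies outside the hunk.

```go
const natGWFixtureDir = "./hcl_fixtures/nat_gw_routes"

func TestExamplesNATGWRoutes(t *testing.T) {
	cases := []struct {
		name      string
		natGW     string
		routeToNW bool
	}{
		{"NoNATGWNoRoute", "none", false},
		{"SingleAZNATGWNoRoute", "single_az", false},
		{"AllAZsNATGWNoRoute", "all_azs", false},
		{"SingleAZNATGWWithRoute", "single_az", true},
		{"AllAZsNATGWWithRoute", "all_azs", true},
	}
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			terraformOptions := &terraform.Options{
				TerraformDir: natGWFixtureDir,
				Vars: map[string]interface{}{
					"nat_gateway_configuration": tc.natGW,
					"route_to_nw":               tc.routeToNW,
				},
			}
			defer terraform.Destroy(t, terraformOptions)
			// … unchanged: InitAndApply / ApplyAndIdempotent calls …
		})
	}
}
```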
@@ -25,7 +25,7 @@ func TestExamplesNATGWRoutesNoNATGWNoRoute(t *testing.T) {
 func TestExamplesNATGWRoutesSingleAZNATGWNoRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
- TerraformDir: "../examples/nat_gw_routes",
+ TerraformDir: "./hcl_fixtures/nat_gw_routes",
 Vars: map[string]interface{}{
 "nat_gateway_configuration" : "single_az",
 "route_to_nw" : false,
@@ -40,7 +40,7 @@ func TestExamplesNATGWRoutesSingleAZNATGWNoRoute(t *testing.T) {
 func TestExamplesNATGWRoutesAllAZsNATGWNoRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
- TerraformDir: "../examples/nat_gw_routes",
+ TerraformDir: "./hcl_fixtures/nat_gw_routes",
 Vars: map[string]interface{}{
 "nat_gateway_configuration" : "all_azs",
 "route_to_nw" : false,
@@ -55,7 +55,7 @@ func TestExamplesNATGWRoutesAllAZsNATGWNoRoute(t *testing.T) {
 func TestExamplesNATGWRoutesSingleAZNATGWWithRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
- TerraformDir: "../examples/nat_gw_routes",
+ TerraformDir: "./hcl_fixtures/nat_gw_routes",
 Vars: map[string]interface{}{
 "nat_gateway_configuration" : "single_az",
 "route_to_nw" : true,
@@ -70,7 +70,7 @@ func TestExamplesNATGWRoutesSingleAZNATGWWithRoute(t *testing.T) {
 func TestExamplesNATGWRoutesAllAZsNATGWWithRoute(t *testing.T) {
 terraformOptions := &terraform.Options{
- TerraformDir: "../examples/nat_gw_routes",
+ TerraformDir: "./hcl_fixtures/nat_gw_routes",
 Vars: map[string]interface{}{
 "nat_gateway_configuration" : "all_azs",
 "route_to_nw" : true,
diff --git a/examples/nat_gw_routes/.header.md b/test/hcl_fixtures/nat_gw_routes/.header.md
similarity index 100%
rename from examples/nat_gw_routes/.header.md
rename to test/hcl_fixtures/nat_gw_routes/.header.md
diff --git a/examples/nat_gw_routes/README.md b/test/hcl_fixtures/nat_gw_routes/README.md
similarity index 100%
rename from examples/nat_gw_routes/README.md
rename to test/hcl_fixtures/nat_gw_routes/README.md
diff --git a/examples/nat_gw_routes/main.tf b/test/hcl_fixtures/nat_gw_routes/main.tf
similarity index 97%
rename from examples/nat_gw_routes/main.tf
rename to test/hcl_fixtures/nat_gw_routes/main.tf
index 9f184ee..9847cd5 100644
--- a/examples/nat_gw_routes/main.tf
+++ b/test/hcl_fixtures/nat_gw_routes/main.tf
@@ -1,5 +1,5 @@
 module "nat_gw_vpc" {
- source = "../.."
+ source = "../../.."
 name = "nat-gw-options-vpc"
 cidr_block = "10.51.0.0/16"
diff --git a/examples/nat_gw_routes/outputs.tf b/test/hcl_fixtures/nat_gw_routes/outputs.tf
similarity index 100%
rename from examples/nat_gw_routes/outputs.tf
rename to test/hcl_fixtures/nat_gw_routes/outputs.tf
diff --git a/examples/nat_gw_routes/variables.tf b/test/hcl_fixtures/nat_gw_routes/variables.tf
similarity index 100%
rename from examples/nat_gw_routes/variables.tf
rename to test/hcl_fixtures/nat_gw_routes/variables.tf
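Review bot: The README.md and .header.md renamed unchanged alongside this hunk are now stale: the README's Modules table still lists the module source as `../..` while the line here changes it to `../../..`, and .header.md still opens with "This example builds a VPC" although the directory now lives under test/hcl_fixtures. Regenerate README.md (its table layout looks terraform-docs generated) and reword the header's first line to something like `This fixture builds a VPC with public and private subnets in 2 availability zones.` so the directory's docs describe what it is. The rest of the module block lies outside the hunk.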