Merge pull request #82 from aws-ia/b-fix-secondary-nats-if-singular

bug: fix secondary nats if singular_az is set

README.md

@@ -271,14 +271,15 @@ Please see our [developer documentation](https://github.com/aws-ia/terraform-aws
 | <a name="input_vpc_ipv4_ipam_pool_id"></a> [vpc\_ipv4\_ipam\_pool\_id](#input\_vpc\_ipv4\_ipam\_pool\_id) | Set to use IPAM to get CIDR block. | `string` | `null` | no |
 | <a name="input_vpc_ipv4_netmask_length"></a> [vpc\_ipv4\_netmask\_length](#input\_vpc\_ipv4\_netmask\_length) | Set to use IPAM to get CIDR block using a specified netmask. Must be set with var.vpc\_ipv4\_ipam\_pool\_id. | `string` | `null` | no |
 | <a name="input_vpc_secondary_cidr"></a> [vpc\_secondary\_cidr](#input\_vpc\_secondary\_cidr) | If `true` the module will create a `aws_vpc_ipv4_cidr_block_association` and subnets for that secondary cidr. If using IPAM for both primary and secondary CIDRs, you may only call this module serially (aka using `-target`, etc). | `bool` | `false` | no |
-| <a name="input_vpc_secondary_cidr_natgw"></a> [vpc\_secondary\_cidr\_natgw](#input\_vpc\_secondary\_cidr\_natgw) | When invoking module for a secondary\_cidr attachment, you can map your private / tgw subnets to set of nat gateways by passing a map of az : { id: "nat-<id>"} | `any` | `{}` | no |
+| <a name="input_vpc_secondary_cidr_natgw"></a> [vpc\_secondary\_cidr\_natgw](#input\_vpc\_secondary\_cidr\_natgw) | If attaching a secondary CIDR instead of creating a VPC, you can map private/ tgw subnets to your public NAT GW with this argument. Simply pass the output `nat_gateway_attributes_by_az`, ex: `vpc_secondary_cidr_natgw = module.vpc.natgw_id_per_az`. If you did not build your primary with this module, you must construct a map { az : { id : nat-123asdb }} for each az. | `any` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_azs"></a> [azs](#output\_azs) | List of AZs where subnets are created. |
 | <a name="output_nat_gateway_attributes_by_az"></a> [nat\_gateway\_attributes\_by\_az](#output\_nat\_gateway\_attributes\_by\_az) | Map of nat gateway resource attributes by AZ.<br><br>Example:<pre>nat_gateway_attributes_by_az = {<br>  "us-east-1a" = {<br>    "allocation_id" = "eipalloc-0e8b20303eea88b13"<br>    "connectivity_type" = "public"<br>    "id" = "nat-0fde39f9550f4abb5"<br>    "network_interface_id" = "eni-0d422727088bf9a86"<br>    "private_ip" = "10.0.3.40"<br>    "public_ip" = <><br>    "subnet_id" = "subnet-0f11c92e439c8ab4a"<br>    "tags" = tomap({<br>      "Name" = "nat-my-public-us-east-1a"<br>    })<br>    "tags_all" = tomap({<br>      "Name" = "nat-my-public-us-east-1a"<br>    })<br>  }<br>  "us-east-1b" = { ... }<br>}</pre> |
+| <a name="output_natgw_id_per_az"></a> [natgw\_id\_per\_az](#output\_natgw\_id\_per\_az) | Map of nat gateway IDs for each resource. Will be duplicate ids if your var.subnets.public.nat\_gateway\_configuration = "single\_az".<br><br>Example:<pre>natgw_id_per_az = {<br>  "us-east-1a" = {<br>    "id" = "nat-0fde39f9550f4abb5"<br>  }<br>  "us-east-1b" = {<br>    "id" = "nat-0fde39f9550f4abb5"<br>   }<br>}</pre> |
 | <a name="output_private_subnet_attributes_by_az"></a> [private\_subnet\_attributes\_by\_az](#output\_private\_subnet\_attributes\_by\_az) | Map of all private subnets containing their attributes.<br><br>Example:<pre>private_subnet_attributes = {<br>  "private/us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"<br>    "assign_ipv6_address_on_creation" = false<br>    ...<br>    <all attributes of subnet: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#attributes-reference><br>  }<br>  "us-east-1b" = {...)<br>}</pre> |
 | <a name="output_public_subnet_attributes_by_az"></a> [public\_subnet\_attributes\_by\_az](#output\_public\_subnet\_attributes\_by\_az) | Map of all public subnets containing their attributes.<br><br>Example:<pre>public_subnet_attributes = {<br>  "us-east-1a" = {<br>    "arn" = "arn:aws:ec2:us-east-1:<>:subnet/subnet-04a86315c4839b519"<br>    "assign_ipv6_address_on_creation" = false<br>    ...<br>    <all attributes of subnet: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#attributes-reference><br>  }<br>  "us-east-1b" = {...)<br>}</pre> |
 | <a name="output_rt_attributes_by_type_by_az"></a> [rt\_attributes\_by\_type\_by\_az](#output\_rt\_attributes\_by\_type\_by\_az) | Map of route tables by type => az => route table attributes. Example usage: module.vpc.route\_table\_by\_subnet\_type.private.id<br><br>Example:<pre>route_table_attributes_by_type_by_az = {<br>  "private" = {<br>    "us-east-1a" = {<br>      "id" = "rtb-0e77040c0598df003"<br>      "route_table_id" = "rtb-0e77040c0598df003"<br>      "tags" = tolist([<br>        {<br>          "key" = "Name"<br>          "value" = "private-us-east-1a"<br>        },<br>      ])<br>      "vpc_id" = "vpc-033e054f49409592a"<br>    }<br>    "us-east-1b" = { ... }<br>  "public" = { ... }</pre> |

examples/secondary_cidr/README.md

@@ -35,8 +35,7 @@ No requirements.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_natgw_id_1"></a> [natgw\_id\_1](#input\_natgw\_id\_1) | nat gw id for az 2 | `string` | n/a | yes |
-| <a name="input_natgw_id_2"></a> [natgw\_id\_2](#input\_natgw\_id\_2) | nat gw id for az 2 | `string` | n/a | yes |
+| <a name="input_natgw_id_per_az"></a> [natgw\_id\_per\_az](#input\_natgw\_id\_per\_az) | use the modules natgw\_id\_per\_az | `map(map(string))` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | vpc id to create secondary cidr on | `string` | n/a | yes |
 
 ## Outputs

examples/secondary_cidr/main.tf

@@ -11,16 +11,19 @@ module "secondary" {
   vpc_secondary_cidr = true
   vpc_id             = var.vpc_id
 
-  # If referencing another instantiation of this module, you can use the output nat_gateway_attributes_by_az, example:
-  # vpc_secondary_cidr_natgw = module.vpc.nat_gateway_attributes_by_az
-  vpc_secondary_cidr_natgw = {
-    "${data.aws_region.current.name}a" : {
-      id : var.natgw_id_1
-    }
-    "${data.aws_region.current.name}b" : {
-      id : var.natgw_id_2
-    }
-  }
+  vpc_secondary_cidr_natgw = var.natgw_id_per_az
+
+  # If referencing another instantiation of this module, you can use the output natgw_id_per_az, example:
+  # vpc_secondary_cidr_natgw = module.vpc.natgw_id_per_az
+
+  # underly structure is:
+  # {
+  #   az : {
+  #     id : "nat-asdf"
+  #   }
+  # }
+  # but preferably you should just pass the module output natgw_id_per_az
+
   subnets = {
     private = {
       name_prefix             = "secondary-private-natgw-connected"

examples/secondary_cidr/variables.tf

@@ -3,12 +3,7 @@ variable "vpc_id" {
   type        = string
 }
 
-variable "natgw_id_1" {
-  description = "nat gw id for az 2"
-  type        = string
-}
-
-variable "natgw_id_2" {
-  description = "nat gw id for az 2"
-  type        = string
+variable "natgw_id_per_az" {
+  description = "use the modules natgw_id_per_az"
+  type        = map(map(string))
 }

outputs.tf

@@ -132,3 +132,22 @@ output "nat_gateway_attributes_by_az" {
   ```
 EOF
 }
+
+output "natgw_id_per_az" {
+  value       = try(local.nat_per_az, null)
+  description = <<-EOF
+  Map of nat gateway IDs for each resource. Will be duplicate ids if your var.subnets.public.nat_gateway_configuration = "single_az".
+
+  Example:
+  ```
+  natgw_id_per_az = {
+    "us-east-1a" = {
+      "id" = "nat-0fde39f9550f4abb5"
+    }
+    "us-east-1b" = {
+      "id" = "nat-0fde39f9550f4abb5"
+     }
+  }
+  ```
+EOF
+}

test/examples_secondary_cidr_test.go

@@ -6,29 +6,52 @@ import (
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )
 
-func TestExamplesSecondaryCidr(t *testing.T) {
+func TestExamplesSecondaryCidrAllAzs(t *testing.T) {
 
 	primary := &terraform.Options{
 		TerraformDir: "./hcl_fixtures/secondary_cidr_base",
 	}
 	defer terraform.Destroy(t, primary)
 	terraform.InitAndApply(t, primary)
 
-	// region := terraform.Output(t, primary, "region")
 	vpcId := terraform.Output(t, primary, "vpc_id")
-	natgwId1 := terraform.Output(t, primary, "natgw_id_1")
-	natgwId2 := terraform.Output(t, primary, "natgw_id_2")
+
+	natIdsOutput := terraform.OutputMapOfObjects(t, primary, "natgw_ids")
+
+	terraformOptions := &terraform.Options{
+		TerraformDir: "../examples/secondary_cidr",
+		Vars: map[string]interface{}{
+			"vpc_id":          vpcId,
+			"natgw_id_per_az": natIdsOutput,
+		},
+	}
+
+	defer terraform.Destroy(t, terraformOptions)
+	terraform.InitAndApply(t, terraformOptions)
+	terraform.ApplyAndIdempotent(t, terraformOptions)
+
+}
+
+func TestExamplesSecondaryCidrSingleAz(t *testing.T) {
+
+	primary := &terraform.Options{
+		TerraformDir: "./hcl_fixtures/secondary_cidr_base",
+		Vars: map[string]interface{}{
+			"nat_gw_configuration": "single_az",
+		},
+	}
+	defer terraform.Destroy(t, primary)
+	terraform.InitAndApply(t, primary)
+
+	vpcId := terraform.Output(t, primary, "vpc_id")
+
+	natIdsOutput := terraform.OutputMapOfObjects(t, primary, "natgw_ids")
 
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/secondary_cidr",
 		Vars: map[string]interface{}{
-			"vpc_id":     vpcId,
-			"natgw_id_1": natgwId1,
-			"natgw_id_2": natgwId2,
-			// "natgw_attrs": map[string]interface{}{
-			// 	fmt.Sprintf("%v%v", region, "a"): natgwId1,
-			// 	fmt.Sprintf("%v%v", region, "b"): natgwId2,
-			// },
+			"vpc_id":          vpcId,
+			"natgw_id_per_az": natIdsOutput,
 		},
 	}
 

test/hcl_fixtures/secondary_cidr_base/main.tf

@@ -1,18 +1,17 @@
 data "aws_availability_zones" "current" {}
 
 module "vpc" {
-  source  = "aws-ia/vpc/aws"
-  version = ">= 2.0.0"
+  source     = "../../.."
 
   name       = "primary-az-vpc"
   cidr_block = "10.0.0.0/16"
   az_count   = 2
 
   subnets = {
     public = {
-      name_prefix               = "primary-vpc-public" # omit to prefix with "public"
+      name_prefix               = "primary-vpc-public"
       netmask                   = 24
-      nat_gateway_configuration = "all_azs" # options: "single_az", "none"
+      nat_gateway_configuration = var.nat_gw_configuration
     }
     private = {
       netmask                 = 24

test/hcl_fixtures/secondary_cidr_base/outputs.tf

@@ -4,12 +4,8 @@ output "vpc_id" {
 
 }
 
-output "natgw_id_1" {
-  value       = module.vpc.nat_gateway_attributes_by_az[data.aws_availability_zones.current.names[0]].id
-  description = "nat gateway attributes"
+output "natgw_ids" {
+  value       = module.vpc.natgw_id_per_az
+  description = "nat gateway ids per az"
 }
 
-output "natgw_id_2" {
-  value       = module.vpc.nat_gateway_attributes_by_az[data.aws_availability_zones.current.names[1]].id
-  description = "nat gateway attributes"
-}

test/hcl_fixtures/secondary_cidr_base/variables.tf

@@ -0,0 +1,17 @@
+variable "nat_gw_configuration" {
+  type        = string
+  default     = "all_azs"
+  description = <<-EOF
+    If referencing another instantiation of this module, you can use the output natgw_id_per_az, example:
+    vpc_secondary_cidr_natgw = module.vpc.natgw_id_per_az
+
+    underly structure is:
+    {
+        az : {
+            id : "nat-asdf"
+        }
+    }
+    but preferably you should just pass the module output natgw_id_per_az
+EOF
+}
+

variables.tf

@@ -35,7 +35,7 @@ variable "vpc_secondary_cidr" {
 
 variable "vpc_secondary_cidr_natgw" {
   type        = any
-  description = "When invoking module for a secondary_cidr attachment, you can map your private / tgw subnets to set of nat gateways by passing a map of az : { id: \"nat-<id>\"}"
+  description = "If attaching a secondary CIDR instead of creating a VPC, you can map private/ tgw subnets to your public NAT GW with this argument. Simply pass the output `nat_gateway_attributes_by_az`, ex: `vpc_secondary_cidr_natgw = module.vpc.natgw_id_per_az`. If you did not build your primary with this module, you must construct a map { az : { id : nat-123asdb }} for each az."
   default     = {}
 }