variable "cloud" {
  # Provider selector. The check is case-insensitive, so "AWS" and "aws" are both
  # accepted; locals normalises the value with lower() before using it as a map key.
  type        = string
  description = "Cloud type"

  validation {
    condition     = contains(["aws", "azure", "oci", "ali", "gcp"], lower(var.cloud))
    error_message = "Invalid cloud type. Choose AWS, Azure, GCP, ALI or OCI."
  }
}
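variable "name" {
  # Gateway/VPC name. An empty value is deliberately allowed by both checks:
  # locals then falls back to a region-derived default name.
  description = "Name for this transit VPC and its gateways"
  type        = string
  default     = ""

  validation {
    condition     = length(var.name) <= 50
    error_message = "Name is too long. Max length is 50 characters."
  }

  validation {
    # Restricts the name to a safe character set before it is interpolated into
    # cloud resource names (letters, digits, hyphen, underscore only).
    condition     = can(regex("^[a-zA-Z0-9-_]*$", var.name))
    error_message = "For the transit name value only a-z, A-Z, 0-9 and hyphens and underscores are allowed."
  }
}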
variable "region" {
  # Required; no default. Besides placement, locals uses this value to build the
  # default name and to detect China / GovCloud regions by prefix.
  type        = string
  description = "The region to deploy this module in"
}
variable "connected_transit" {
  # Enabled unless the caller opts out.
  type        = bool
  default     = true
  description = "Set to false to disable connected transit."
}
variable "hybrid_connection" {
  # Off by default; opt in when the transit will attach to a TGW.
  type        = bool
  default     = false
  description = "Set to true to prepare Aviatrix transit for TGW connection."
}
variable "bgp_manual_spoke_advertise_cidrs" {
  # Free-form string, not a list(string): the module performs no CIDR validation
  # on it here, so malformed entries surface only at apply time.
  type        = string
  default     = ""
  description = "Define a list of CIDRs that should be advertised via BGP."
}
variable "learned_cidr_approval" {
  # Declared as a string ("false"/"true") rather than bool, unlike the other
  # switches in this file; changing the type would break callers passing a
  # quoted value, so it is kept as-is.
  type        = string
  default     = "false"
  description = "Set to true to enable learned CIDR approval."
}
variable "learned_cidrs_approval_mode" {
  # null means "not set"; the description lists the accepted values but no
  # validation block enforces them here.
  type        = string
  default     = null
  description = "Learned cidrs approval mode. Defaults to Gateway. Valid values: gateway, connection"
}
variable "enable_segmentation" {
  # Off by default.
  type        = bool
  default     = false
  description = "Switch to true to enable transit segmentation"
}
variable "ha_region" {
  # GCP only. Empty means "same region as var.region"; locals keys the HA subnet
  # index and HA zone on whether this is non-empty.
  type        = string
  default     = ""
  description = "Secondary GCP region where subnet and HA Aviatrix Transit Gateway will be created"
}
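variable "cidr" {
  # VPC address range. An empty string skips the check. Note that locals derives
  # two /26 insane-mode subnets from this value (newbits = 26 - prefix length),
  # so prefixes longer than /26 are expected to fail there rather than here.
  description = "The CIDR range to be used for the VPC"
  type        = string
  default     = ""

  validation {
    # cidrnetmask() accepts IPv4 prefixes only, so this also rejects IPv6 input.
    condition     = var.cidr != "" ? can(cidrnetmask(var.cidr)) : true
    error_message = "This does not look like a valid CIDR."
  }
}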
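variable "ha_cidr" {
  # Address range of the HA subnet (GCP). An empty string skips the check.
  description = "CIDR of the HA GCP subnet"
  type        = string
  default     = ""

  validation {
    # cidrnetmask() accepts IPv4 prefixes only, so this also rejects IPv6 input.
    condition     = var.ha_cidr != "" ? can(cidrnetmask(var.ha_cidr)) : true
    error_message = "This does not look like a valid CIDR."
  }
}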
variable "enable_firenet" {
  # Off by default.
  type        = bool
  default     = false
  description = "Sign of readiness for FireNet connection"
}
variable "enable_transit_firenet" {
  # Off by default.
  type        = bool
  default     = false
  description = "Sign of readiness for Transit FireNet connection"
}
variable "enable_egress_transit_firenet" {
  # Off by default.
  type        = bool
  default     = false
  description = "Enable Egress Transit FireNet"
}
variable "bgp_polling_time" {
  # Kept as a string (not number) for compatibility with existing callers;
  # no range validation is applied here.
  type        = string
  default     = "50"
  description = "BGP route polling time. Unit is in seconds"
}
variable "bgp_ecmp" {
  # Off by default.
  type        = bool
  default     = false
  description = "Enable Equal Cost Multi Path (ECMP) routing for the next hop"
}
variable "enable_multi_tier_transit" {
  # Off by default.
  type        = bool
  default     = false
  description = "Set to true to enable multi tier transit."
}
variable "enable_advertise_transit_cidr" {
  # Off by default.
  type        = bool
  default     = false
  description = "Switch to enable/disable advertise transit VPC network CIDR for a VGW connection"
}
variable "local_as_number" {
  # Optional; null leaves the ASN untouched. Passed as a string rather than a
  # number, with no validation of the ASN range here.
  type        = string
  default     = null
  description = "Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations."
}
variable "enable_bgp_over_lan" {
  # Off by default.
  type        = bool
  default     = false
  description = "Enable BGP over LAN. Creates eth4 for integration with SDWAN for example"
}
variable "account" {
  # Required; no default. This is the controller-side account name, not a cloud
  # credential, so nothing sensitive is carried in this variable itself.
  type        = string
  description = "The AWS account name, as known by the Aviatrix controller"
}
variable "instance_size" {
  # Empty means "pick from the per-cloud size tables in locals"; any non-empty
  # value overrides those tables verbatim.
  type        = string
  default     = ""
  description = "Instance size for the Aviatrix gateways"
}
variable "ha_gw" {
  # HA deployment is the default.
  type        = bool
  default     = true
  description = "Boolean to determine if module will be deployed in HA or single mode"
}
variable "insane_mode" {
  # Off by default. When true, locals switches AWS/Azure to dedicated subnets
  # carved from var.cidr, AZ placement, and a larger instance-size table.
  type        = bool
  default     = false
  description = "Set to true to enable Aviatrix high performance encryption."
}
variable "az1" {
  # Optional AZ suffix; empty means "use the per-cloud default in locals".
  type        = string
  default     = ""
  description = "Concatenates with region to form az names. e.g. eu-central-1a. Only used for insane mode"
}
variable "az2" {
  # Optional AZ suffix for the HA gateway; empty means "use the per-cloud default in locals".
  type        = string
  default     = ""
  description = "Concatenates with region to form az names. e.g. eu-central-1b. Only used for insane mode"
}
variable "az_support" {
  # Azure only. When false, locals yields null for the Azure AZ entries.
  type        = bool
  default     = true
  description = "Set to true if the Azure region supports AZ's"
}
variable "single_az_ha" {
  # On by default.
  type        = bool
  default     = true
  description = "Set to true if Controller managed Gateway HA is desired"
}
variable "single_ip_snat" {
  # Off by default. The description notes this is only supported on AWS and
  # Azure; no cloud-specific validation is applied here.
  type        = bool
  default     = false
  description = "Specify whether to enable Source NAT feature in single_ip mode on the gateway or not. Please disable AWS NAT instance before enabling this feature. Currently only supports AWS(1) and AZURE(8). Valid values: true, false."
}
variable "enable_encrypt_volume" {
  # Encryption at rest for the gateway volume is opt-in (default false); the
  # description scopes it to the AWS and AWSGOV providers.
  type        = bool
  default     = false
  description = "Enable EBS volume encryption for Gateway. Only supports AWS and AWSGOV provider. Valid values: true, false. Default value: false"
}
variable "customer_managed_keys" {
  # KMS key identifier for volume encryption; null means no customer-managed
  # key. Presumably only consulted when enable_encrypt_volume is true — confirm
  # against the gateway resource in main.tf.
  type        = string
  default     = null
  description = "Customer managed key ID for EBS Volume encryption."
}
variable "tunnel_detection_time" {
  # null leaves the provider default in place; any explicit value must fall in [20, 600].
  type        = number
  default     = null
  description = "The IPsec tunnel down detection time for the Transit Gateway in seconds. Must be a number in the range [20-600]."

  validation {
    condition     = var.tunnel_detection_time == null ? true : (var.tunnel_detection_time >= 20 && var.tunnel_detection_time <= 600)
    error_message = "Invalid value. Must be in range 20-600."
  }
}
variable "tags" {
  # Optional; null rather than {} so "no tags given" is distinguishable from an empty map.
  type        = map(string)
  default     = null
  description = "Map of tags to assign to the gateway."
}
variable "resource_group" {
  # Optional; null means the module does not target a pre-existing resource group.
  type        = string
  default     = null
  description = "Provide the name of an existing resource group."
}
variable "bgp_lan_interfaces" {
  # Loosely typed (map(any)); the expected keys are not enforced here.
  type        = map(any)
  default     = {}
  description = "Interfaces to run BGP protocol on top of the ethernet interface."
}
variable "ha_bgp_lan_interfaces" {
  # HA-gateway counterpart of bgp_lan_interfaces; same loose map(any) typing.
  type        = map(any)
  default     = {}
  description = "Interfaces to run BGP protocol on top of the ethernet interface."
}
# Derived values shared by the rest of the module. Each local is keyed on the
# lower-cased cloud name so that the lookup tables below work regardless of how
# var.cloud was capitalised. Several entries reference aviatrix_vpc.default,
# which is declared outside this file.
locals {
cloud = lower(var.cloud)
name = length(var.name) > 0 ? var.name : local.default_name
default_name = lower(replace("avx-${var.region}-transit", " ", "-")) #Remove spaces from region names and force lowercase
cidr = var.cidr
# NOTE(review): split("/", "") yields a single element, so indexing [1] appears
# to fail when var.cidr is left at its "" default — confirm whether every
# supported cloud requires a cidr before relying on the default.
cidrbits = tonumber(split("/", local.cidr)[1])
# Insane-mode subnets are carved as /26s from the VPC range: newbits goes
# negative for prefixes longer than /26, which cidrsubnet() does not accept.
newbits = 26 - local.cidrbits
netnum = pow(2, local.newbits)
# Last two /26 blocks of the range are reserved for the primary and HA gateways.
insane_mode_subnet = cidrsubnet(local.cidr, local.newbits, local.netnum - 2)
ha_insane_mode_subnet = cidrsubnet(local.cidr, local.newbits, local.netnum - 1)
# Caller-supplied AZ suffixes win; otherwise fall back to the per-cloud tables
# (no entry for oci/ali, so those resolve to null).
az1 = length(var.az1) > 0 ? var.az1 : lookup(local.az1_map, local.cloud, null)
az1_map = {
azure = var.az_support ? "az-1" : null,
aws = "a",
gcp = "b",
}
az2 = length(var.az2) > 0 ? var.az2 : lookup(local.az2_map, local.cloud, null)
az2_map = {
azure = var.az_support ? "az-2" : null,
aws = "b",
gcp = "c",
}
# Subnet selection: insane mode on aws/azure uses the carved /26; gcp reads
# from subnets, every other cloud from public_subnets, at the index given by
# subnet_map.
subnet = var.insane_mode && contains(["aws", "azure"], local.cloud) ? local.insane_mode_subnet : (local.cloud == "gcp" ? aviatrix_vpc.default.subnets[local.subnet_map[local.cloud]].cidr : aviatrix_vpc.default.public_subnets[local.subnet_map[local.cloud]].cidr)
subnet_map = {
azure = 2,
aws = 0
gcp = 0,
oci = 0,
ali = 0,
}
# NOTE(review): oci uses index 0 for both the primary and HA subnet, unlike
# the other clouds — confirm this is intentional (single subnet) rather than
# an omission.
ha_subnet = var.insane_mode && contains(["aws", "azure"], local.cloud) ? local.ha_insane_mode_subnet : (local.cloud == "gcp" ? aviatrix_vpc.default.subnets[local.ha_subnet_map[local.cloud]].cidr : aviatrix_vpc.default.public_subnets[local.ha_subnet_map[local.cloud]].cidr)
ha_subnet_map = {
azure = 3,
aws = 1
gcp = length(var.ha_region) > 0 ? 1 : 0
oci = 0,
ali = 1,
}
# GCP expects a zone-qualified region ("<region>-<az>"); other clouds use the region as given.
region = local.cloud == "gcp" ? "${var.region}-${local.az1}" : var.region
zone = local.cloud == "azure" ? local.az1 : null
ha_zone = lookup(local.ha_zone_map, local.cloud, null)
ha_zone_map = {
azure = local.az2,
gcp = local.cloud == "gcp" ? length(var.ha_region) > 0 ? "${var.ha_region}-${local.az2}" : "${var.region}-${local.az2}" : null
}
# AWS insane mode needs a full AZ name (region + suffix); null for every other cloud.
insane_mode_az = var.insane_mode ? lookup(local.insane_mode_az_map, local.cloud, null) : null
insane_mode_az_map = {
aws = local.cloud == "aws" ? "${var.region}${local.az1}" : null,
}
ha_insane_mode_az = var.insane_mode ? lookup(local.ha_insane_mode_az_map, local.cloud, null) : null
ha_insane_mode_az_map = {
aws = local.cloud == "aws" ? "${var.region}${local.az2}" : null,
}
# Sovereign/partition detection is prefix-based on the region string and only
# applies to aws/azure; it selects which cloud_type table is used below, so a
# mistyped region prefix silently falls back to the commercial table.
is_china = can(regex("^cn-|^China ", var.region)) && contains(["aws", "azure"], local.cloud) #If a region in Azure or AWS starts with China prefix, then results in true.
is_gov = can(regex("^us-gov|^US Gov ", var.region)) && contains(["aws", "azure"], local.cloud) #If a region in Azure or AWS starts with Gov prefix, then results in true.
cloud_type = local.is_china ? lookup(local.cloud_type_map_china, local.cloud, null) : (local.is_gov ? lookup(local.cloud_type_map_gov, local.cloud, null) : lookup(local.cloud_type_map, local.cloud, null))
# Numeric provider codes per cloud; the china/gov tables only cover aws and azure.
cloud_type_map = {
azure = 8,
aws = 1,
gcp = 4,
oci = 16,
ali = 8192,
}
cloud_type_map_china = {
azure = 2048,
aws = 1024,
}
cloud_type_map_gov = {
azure = 32,
aws = 256,
}
instance_size = (
length(var.instance_size) > 0 ? (
var.instance_size #If instance size is provided, use it.
)
:
(var.insane_mode ?
lookup(local.insane_mode_instance_size_map, local.cloud, null) #If instance size is not provided and var.insane_mode is true, lookup in this table.
: #
lookup(local.instance_size_map, local.cloud, null) #If instance size is not provided and var.insane_mode is false, lookup in this table.
)
)
instance_size_map = {
azure = "Standard_B1ms",
aws = "t3.medium",
gcp = "n1-standard-1",
oci = "VM.Standard2.2",
ali = "ecs.g5ne.large",
}
# ali has no insane-mode size: the lookup yields null when insane_mode is set
# on that cloud and no explicit instance_size is given.
insane_mode_instance_size_map = {
azure = "Standard_D3_v2",
aws = "c5n.large",
gcp = "n1-highcpu-4",
oci = "VM.Standard2.2",
ali = null
}
}