Fix ipv6 and align loadbalancer address types

blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active-deployment/README.md

@@ -91,15 +91,15 @@ Please, note there are a few caveats:
 
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L82) | The name prefix used for resources. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L93) | The project id where we deploy the resources. | <code>string</code> | ✓ |  |
-| [region](variables.tf#L98) | The region where we deploy the F5 IPs. | <code>string</code> | ✓ |  |
+| [prefix](variables.tf#L89) | The name prefix used for resources. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L100) | The project id where we deploy the resources. | <code>string</code> | ✓ |  |
+| [region](variables.tf#L105) | The region where we deploy the F5 IPs. | <code>string</code> | ✓ |  |
 | [backend_vm_configs](variables.tf#L17) | The sample backend VMs configuration. Keys are the zones where VMs are deployed. | <code title="map&#40;object&#40;&#123;&#10;  address        &#61; string&#10;  instance_type  &#61; string&#10;  startup_script &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code title="&#123;&#10;  a &#61; &#123;&#10;    address        &#61; &#34;192.168.100.101&#34;&#10;    instance_type  &#61; &#34;e2-micro&#34;&#10;    startup_script &#61; &#34;apt update &#38;&#38; apt install -y nginx&#34;&#10;  &#125;&#10;  b &#61; &#123;&#10;    address        &#61; &#34;192.168.100.102&#34;&#10;    instance_type  &#61; &#34;e2-micro&#34;&#10;    startup_script &#61; &#34;apt update &#38;&#38; apt install -y nginx&#34;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
-| [forwarding_rules_config](variables.tf#L38) | The optional configurations of the GCP load balancers forwarding rules. | <code>map&#40;any&#41;</code> |  | <code title="&#123;&#10;  &#34;ipv4&#34; &#61; &#123;&#10;    address  &#61; &#34;192.168.100.100&#34;&#10;    protocol &#61; &#34;TCP&#34;&#10;  &#125;&#10;  &#34;ipv6&#34; &#61; &#123;&#10;    ip_version &#61; &#34;IPV6&#34;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
-| [instance_dedicated_configs](variables.tf#L52) | The F5 VMs configuration. The map keys are the zones where the VMs are deployed. | <code>map&#40;any&#41;</code> |  | <code title="&#123;&#10;  a &#61; &#123;&#10;    license_key &#61; &#34;AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE&#34;&#10;    network_config &#61; &#123;&#10;      alias_ip_range_address &#61; &#34;192.168.101.0&#47;24&#34;&#10;      alias_ip_range_name    &#61; &#34;f5-a&#34;&#10;    &#125;&#10;  &#125;&#10;  b &#61; &#123;&#10;    license_key &#61; &#34;AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE&#34;&#10;    network_config &#61; &#123;&#10;      alias_ip_range_address &#61; &#34;192.168.102.0&#47;24&#34;&#10;      alias_ip_range_name    &#61; &#34;f5-b&#34;&#10;    &#125;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
-| [instance_shared_config](variables.tf#L73) | The F5 VMs shared configurations. | <code>map&#40;any&#41;</code> |  | <code title="&#123;&#10;  enable_ipv6    &#61; true&#10;  ssh_public_key &#61; &#34;.&#47;data&#47;mykey.pub&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
-| [project_create](variables.tf#L87) | Whether to automatically create a project. | <code>bool</code> |  | <code>false</code> |
-| [vpc_config](variables.tf#L103) | VPC and subnet ids, in case existing VPCs are used. | <code title="object&#40;&#123;&#10;  backend_vms_cidr &#61; string &#35; used by F5s. Not configured on the VPC.&#10;  dataplane &#61; object&#40;&#123;&#10;    subnets &#61; map&#40;object&#40;&#123;&#10;      cidr                &#61; optional&#40;string&#41;&#10;      secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41; &#35; name -&#62; cidr&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#10;  management &#61; object&#40;&#123;&#10;    subnets &#61; map&#40;object&#40;&#123;&#10;      cidr                &#61; optional&#40;string&#41;&#10;      secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41; &#35; name -&#62; cidr&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  backend_vms_cidr &#61; &#34;192.168.200.0&#47;24&#34;&#10;  dataplane &#61; &#123;&#10;    subnets &#61; &#123;&#10;      clients &#61; &#123;&#10;        cidr &#61; &#34;192.168.0.0&#47;24&#34;&#10;      &#125;&#10;      dataplane &#61; &#123;&#10;        cidr &#61; &#34;192.168.100.0&#47;24&#34;&#10;        secondary_ip_ranges &#61; &#123;&#10;          f5-a &#61; &#34;192.168.101.0&#47;24&#34;&#10;          f5-b &#61; &#34;192.168.102.0&#47;24&#34;&#10;        &#125;&#10;      &#125;&#10;    &#125;&#10;  &#125;&#10;  management &#61; &#123;&#10;    subnets &#61; &#123;&#10;      management &#61; &#123;&#10;        cidr &#61; &#34;192.168.250.0&#47;24&#34;&#10;      &#125;&#10;    &#125;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [forwarding_rules_config](variables.tf#L38) | The optional configurations of the GCP load balancers forwarding rules. | <code title="map&#40;object&#40;&#123;&#10;  address       &#61; optional&#40;string&#41;&#10;  external      &#61; optional&#40;bool, false&#41;&#10;  global_access &#61; optional&#40;bool, true&#41;&#10;  ipv6          &#61; optional&#40;bool, false&#41;&#10;  protocol      &#61; optional&#40;string, &#34;L3_DEFAULT&#34;&#41;&#10;  subnetwork    &#61; optional&#40;string&#41; &#35; used for IPv6 NLBs&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code title="&#123;&#10;  &#34;ipv4&#34; &#61; &#123;&#10;    address  &#61; &#34;192.168.100.100&#34;&#10;    protocol &#61; &#34;TCP&#34;&#10;  &#125;&#10;  &#34;ipv6&#34; &#61; &#123;&#10;    ipv6 &#61; true&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [instance_dedicated_configs](variables.tf#L59) | The F5 VMs configuration. The map keys are the zones where the VMs are deployed. | <code>map&#40;any&#41;</code> |  | <code title="&#123;&#10;  a &#61; &#123;&#10;    license_key &#61; &#34;AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE&#34;&#10;    network_config &#61; &#123;&#10;      alias_ip_range_address &#61; &#34;192.168.101.0&#47;24&#34;&#10;      alias_ip_range_name    &#61; &#34;f5-a&#34;&#10;    &#125;&#10;  &#125;&#10;  b &#61; &#123;&#10;    license_key &#61; &#34;AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE&#34;&#10;    network_config &#61; &#123;&#10;      alias_ip_range_address &#61; &#34;192.168.102.0&#47;24&#34;&#10;      alias_ip_range_name    &#61; &#34;f5-b&#34;&#10;    &#125;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [instance_shared_config](variables.tf#L80) | The F5 VMs shared configurations. | <code>map&#40;any&#41;</code> |  | <code title="&#123;&#10;  enable_ipv6    &#61; true&#10;  ssh_public_key &#61; &#34;.&#47;data&#47;mykey.pub&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [project_create](variables.tf#L94) | Whether to automatically create a project. | <code>bool</code> |  | <code>false</code> |
+| [vpc_config](variables.tf#L110) | VPC and subnet ids, in case existing VPCs are used. | <code title="object&#40;&#123;&#10;  backend_vms_cidr &#61; string &#35; used by F5s. Not configured on the VPC.&#10;  dataplane &#61; object&#40;&#123;&#10;    subnets &#61; map&#40;object&#40;&#123;&#10;      cidr                &#61; optional&#40;string&#41;&#10;      secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41; &#35; name -&#62; cidr&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#10;  management &#61; object&#40;&#123;&#10;    subnets &#61; map&#40;object&#40;&#123;&#10;      cidr                &#61; optional&#40;string&#41;&#10;      secondary_ip_ranges &#61; optional&#40;map&#40;string&#41;&#41; &#35; name -&#62; cidr&#10;    &#125;&#41;&#41;&#10;  &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  backend_vms_cidr &#61; &#34;192.168.200.0&#47;24&#34;&#10;  dataplane &#61; &#123;&#10;    subnets &#61; &#123;&#10;      clients &#61; &#123;&#10;        cidr &#61; &#34;192.168.0.0&#47;24&#34;&#10;      &#125;&#10;      dataplane &#61; &#123;&#10;        cidr &#61; &#34;192.168.100.0&#47;24&#34;&#10;        secondary_ip_ranges &#61; &#123;&#10;          f5-a &#61; &#34;192.168.101.0&#47;24&#34;&#10;          f5-b &#61; &#34;192.168.102.0&#47;24&#34;&#10;        &#125;&#10;      &#125;&#10;    &#125;&#10;  &#125;&#10;  management &#61; &#123;&#10;    subnets &#61; &#123;&#10;      management &#61; &#123;&#10;        cidr &#61; &#34;192.168.250.0&#47;24&#34;&#10;      &#125;&#10;    &#125;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
 
 ## Outputs
 
@@ -108,7 +108,6 @@ Please, note there are a few caveats:
 | [f5_management_ips](outputs.tf#L17) | The F5 management interfaces IP addresses. |  |
 | [forwarding_rule_configss](outputs.tf#L22) | The GCP forwarding rules configurations. |  |
 <!-- END TFDOC -->
-
 ## Test
 ```hcl
 module "f5-deployment" {

blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active-deployment/variables.tf

@@ -36,15 +36,22 @@ variable "backend_vm_configs" {
 }
 
 variable "forwarding_rules_config" {
-  type        = map(any)
+  type = map(object({
+    address       = optional(string)
+    external      = optional(bool, false)
+    global_access = optional(bool, true)
+    ipv6          = optional(bool, false)
+    protocol      = optional(string, "L3_DEFAULT")
+    subnetwork    = optional(string) # used for IPv6 NLBs
+  }))
   description = "The optional configurations of the GCP load balancers forwarding rules."
   default = {
     "ipv4" = {
       address  = "192.168.100.100"
       protocol = "TCP"
     }
     "ipv6" = {
-      ip_version = "IPV6"
+      ipv6 = true
     }
   }
 }

blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/README.md

@@ -8,7 +8,7 @@ This blueprint allows to create active/active private and/or public F5 BigIP-VE
 
 ## Design notes
 
-- The blueprint supports by default two VPCs: a `dataplane` network and a `management` network. 
+- The blueprint supports by default two VPCs: a `dataplane` network and a `management` network.
 - We don't use the `F5 Cloud Failover Extension (CFE)`. This would imply an active/passive architecture, it would limit the number of instances to two, it would use static routes and it would require F5 VMs service accounts to have roles set, so they can configure routes.
 - Instead, users can deploy as many active instances they need and we make them reachable through passthrough GCP load balancers.
 - The blueprint allows to expose the F5 instances both externally and internally, using internal and external network passthrough load balancers. You can also choose to expose the same F5 instances both externally and internally at the same time.
@@ -276,12 +276,12 @@ module "f5-lb" {
     }
     "ext-ipv6" = {
       external   = true
-      ip_version = "IPV6"
+      ipv6       = true
       subnetwork = "projects/my-project/regions/europe-west1/subnetworks/ipv6_external"
     }
     "int-ipv4" = {}
     "int-ipv6" = {
-      ip_version = "IPV6"
+      ipv6 = true
     }
   }
 
@@ -359,7 +359,7 @@ This is the original copyright notice from the third-party repository: `Copyrigh
 | [project_id](variables.tf#L83) | The project id where we deploy the resources. | <code>string</code> | ✓ |  |
 | [region](variables.tf#L88) | The region where we deploy the F5 IPs. | <code>string</code> | ✓ |  |
 | [vpc_config](variables.tf#L93) | The dataplane and mgmt network and subnetwork self links. | <code title="object&#40;&#123;&#10;  dataplane &#61; object&#40;&#123;&#10;    network    &#61; string&#10;    subnetwork &#61; string&#10;  &#125;&#41;&#10;  management &#61; object&#40;&#123;&#10;    network    &#61; string&#10;    subnetwork &#61; string&#10;  &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
-| [forwarding_rules_config](variables.tf#L17) | The optional configurations of the GCP load balancers forwarding rules. | <code title="map&#40;object&#40;&#123;&#10;  address       &#61; optional&#40;string&#41;&#10;  external      &#61; optional&#40;bool, false&#41;&#10;  global_access &#61; optional&#40;bool, true&#41;&#10;  ip_version    &#61; optional&#40;string, &#34;IPV4&#34;&#41;&#10;  protocol      &#61; optional&#40;string, &#34;L3_DEFAULT&#34;&#41;&#10;  subnetwork    &#61; optional&#40;string&#41; &#35; used for IPv6 NLBs&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code title="&#123;&#10;  l4 &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [forwarding_rules_config](variables.tf#L17) | The optional configurations of the GCP load balancers forwarding rules. | <code title="map&#40;object&#40;&#123;&#10;  address       &#61; optional&#40;string&#41;&#10;  external      &#61; optional&#40;bool, false&#41;&#10;  global_access &#61; optional&#40;bool, true&#41;&#10;  ipv6          &#61; optional&#40;bool, false&#41;&#10;  protocol      &#61; optional&#40;string, &#34;L3_DEFAULT&#34;&#41;&#10;  subnetwork    &#61; optional&#40;string&#41; &#35; used for IPv6 NLBs&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code title="&#123;&#10;  l4 &#61; &#123;&#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [health_check_config](variables.tf#L32) | The optional health check configuration. The variable types are enforced by the underlying module. | <code>map&#40;any&#41;</code> |  | <code title="&#123;&#10;  tcp &#61; &#123;&#10;    port               &#61; 65535&#10;    port_specification &#61; &#34;USE_FIXED_PORT&#34;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |
 | [instance_shared_config](variables.tf#L56) | The F5 VMs shared configurations. | <code title="object&#40;&#123;&#10;  boot_disk &#61; optional&#40;object&#40;&#123;&#10;    image &#61; optional&#40;string, &#34;projects&#47;f5-7626-networks-public&#47;global&#47;images&#47;f5-bigip-15-1-2-1-0-0-10-byol-ltm-2boot-loc-210115160742&#34;&#41;&#10;    size  &#61; optional&#40;number, 100&#41;&#10;    type  &#61; optional&#40;string, &#34;pd-ssd&#34;&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  enable_ipv6   &#61; optional&#40;bool, false&#41; &#35; needs to be true to receive traffic from IPv6 forwarding rules&#10;  instance_type &#61; optional&#40;string, &#34;n2-standard-4&#34;&#41;&#10;  secret &#61; optional&#40;object&#40;&#123;&#10;    is_gcp &#61; optional&#40;bool, false&#41;&#10;    value  &#61; optional&#40;string, &#34;MyFabricSecret123&#33;&#34;&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  service_account &#61; optional&#40;string&#41;&#10;  ssh_public_key  &#61; optional&#40;string, &#34;my_key.pub&#34;&#41;&#10;  tags            &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10;  username        &#61; optional&#40;string, &#34;admin&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 

blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/load_balancers.tf

@@ -20,15 +20,15 @@ locals {
     : k => {
       address       = try(module.lb-addresses.internal_addresses["${var.prefix}-ilb-${k}"].address)
       global_access = v.global_access
-      ip_version    = v.ip_version
+      ipv6          = v.ipv6
       protocol      = v.protocol
     } if v.external == false
   }
   nlb_forwarding_rules_config = {
     for k, v in var.forwarding_rules_config
     : k => {
       address    = try(module.lb-addresses.external_addresses["${var.prefix}-nlb-${k}"].address)
-      ip_version = v.ip_version
+      ipv6       = v.ipv6
       protocol   = v.protocol
       subnetwork = v.subnetwork
     } if v.external == true
@@ -42,7 +42,7 @@ module "lb-addresses" {
     for k, v in var.forwarding_rules_config
     : k => {
       address    = v.address
-      ipv6       = v.ip_version == "IPV6" ? { endpoint_type = "NETLB" } : null
+      ipv6       = v.ipv6 ? { endpoint_type = "NETLB" } : null
       name       = "${var.prefix}-nlb-${k}"
       region     = var.region
       subnetwork = var.vpc_config["dataplane"]["subnetwork"]
@@ -52,7 +52,7 @@ module "lb-addresses" {
     for k, v in var.forwarding_rules_config
     : k => {
       address    = v.address
-      ipv6       = v.ip_version == "IPV6" ? {} : null
+      ipv6       = v.ipv6 == "IPV6" ? {} : null
       name       = "${var.prefix}-ilb-${k}"
       region     = var.region
       subnetwork = var.vpc_config["dataplane"]["subnetwork"]

blueprints/third-party-solutions/f5-bigip/f5-bigip-ha-active/variables.tf

@@ -19,7 +19,7 @@ variable "forwarding_rules_config" {
     address       = optional(string)
     external      = optional(bool, false)
     global_access = optional(bool, true)
-    ip_version    = optional(string, "IPV4")
+    ipv6          = optional(bool, false)
     protocol      = optional(string, "L3_DEFAULT")
     subnetwork    = optional(string) # used for IPv6 NLBs
   }))

modules/net-lb-app-ext/main.tf

@@ -49,7 +49,7 @@ resource "google_compute_global_forwarding_rule" "default" {
   description = coalesce(each.value.description, var.description)
   ip_address  = each.value.address
   ip_protocol = "TCP"
-  ip_version  = each.value.ipv6 == true ? "IPV6" : "IPV4"
+  ip_version  = each.value.address != null ? null : each.value.ipv6 == true ? "IPV6" : "IPV4" # do not set if address is provided
   load_balancing_scheme = (
     var.use_classic_version ? "EXTERNAL" : "EXTERNAL_MANAGED"
   )