Add availabilityZoneCidrMask option

Allow users to reserve more space for additional AZs to be added later.
pulumi · Nov 17, 2023 · 655eb0d · 655eb0d
1 parent 8a3a92b
commit 655eb0d
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 8 deletions.
diff --git a/awsx/ec2/subnetDistributorLegacy.test.ts b/awsx/ec2/subnetDistributorLegacy.test.ts
@@ -169,6 +169,18 @@ describe("default subnet layout", () => {
       });
     }
   });
+  it("can override az cidr mask", () => {
+    const vpcCidr = "10.0.0.0/16";
+    const result = getSubnetSpecsLegacy(
+      "vpcName",
+      vpcCidr,
+      ["us-east-1a"],
+      [{ type: "Public" }],
+      21,
+    );
+    // Would default to /20 as that's the hard coded max size for a public subnet
+    expect(result[0].cidrBlock).toBe("10.0.0.0/21");
+  });
 });
 
 function getCidrMask(cidrBlock: string): number {

diff --git a/awsx/ec2/subnetDistributorLegacy.ts b/awsx/ec2/subnetDistributorLegacy.ts
@@ -35,6 +35,7 @@ export function getSubnetSpecsLegacy(
   vpcCidr: string,
   azNames: string[],
   subnetInputs?: SubnetSpecInputs[],
+  azCidrMask?: number,
 ): SubnetSpec[] {
   // Design:
   // 1. Split the VPC CIDR block evenly between the AZs.
@@ -46,7 +47,10 @@ export function getSubnetSpecsLegacy(
   // 1. Attempt to use the legacy method (cidrSubnetV4) to get the next block.
   // 2. Check if the generated next block overlaps with the previous block.
   // 3. If there's overlap, use the new method (nextBlock) to get the next block.
-  const newBitsPerAZ = Math.log2(nextPow2(azNames.length));
+  const newBitsPerAZ =
+    azCidrMask !== undefined
+      ? azCidrMask - new ipAddress.Address4(vpcCidr).subnetMask
+      : Math.log2(nextPow2(azNames.length));
 
   const azBases: string[] = [];
   for (let i = 0; i < azNames.length; i++) {

diff --git a/awsx/ec2/subnetDistributorNew.test.ts b/awsx/ec2/subnetDistributorNew.test.ts
@@ -121,6 +121,11 @@ describe("default subnet layout", () => {
       ),
     );
   });
+  it("can override az cidr mask", () => {
+    const vpcCidr = "10.0.0.0/16";
+    const result = getSubnetSpecs("vpcName", vpcCidr, ["us-east-1a"], [{ type: "Public" }], 19);
+    expect(result[0].cidrBlock).toBe("10.0.0.0/19"); // Would default to /16 as only a single AZ and single subnet
+  });
 });
 
 function getCidrMask(cidrBlock: string): number {

diff --git a/awsx/ec2/subnetDistributorNew.ts b/awsx/ec2/subnetDistributorNew.ts
@@ -34,10 +34,10 @@ export function getSubnetSpecs(
   vpcCidr: string,
   azNames: string[],
   subnetInputs: SubnetSpecInputs[] | undefined,
+  azCidrMask?: number,
 ): SubnetSpec[] {
   const vpcNetmask = new Netmask(vpcCidr);
-  const newBitsPerAZ = newBits(azNames.length);
-  const azBitmask = vpcNetmask.bitmask + newBitsPerAZ;
+  const azBitmask = azCidrMask ?? vpcNetmask.bitmask + newBits(azNames.length);
 
   const subnetSpecs = subnetInputs ?? defaultSubnetInputs(azBitmask);
   if (subnetSpecs.length === 0) {

diff --git a/awsx/ec2/vpc.ts b/awsx/ec2/vpc.ts
@@ -116,7 +116,13 @@ export class Vpc extends schema.Vpc<VpcData> {
       if (parsedSpecs.isExplicitLayout) {
         return getSubnetSpecsExplicit(name, availabilityZones, parsedSpecs.normalizedSpecs);
       }
-      return getSubnetSpecs(name, cidrBlock, availabilityZones, parsedSpecs.normalizedSpecs);
+      return getSubnetSpecs(
+        name,
+        cidrBlock,
+        availabilityZones,
+        parsedSpecs.normalizedSpecs,
+        args.availabilityZoneCidrMask,
+      );
     })();
 
     validateSubnets(subnetSpecs, getOverlappingSubnets);

diff --git a/awsx/schema-types.ts b/awsx/schema-types.ts
@@ -79,6 +79,7 @@ export abstract class Vpc<TData = any> extends (pulumi.ComponentResource)<TData>
 }
 export interface VpcArgs {
     readonly assignGeneratedIpv6CidrBlock?: pulumi.Input<boolean>;
+    readonly availabilityZoneCidrMask?: number;
     readonly availabilityZoneNames?: string[];
     readonly cidrBlock?: string;
     readonly enableDnsHostnames?: pulumi.Input<boolean>;

diff --git a/awsx/schema.json b/awsx/schema.json
@@ -1964,6 +1964,11 @@
                     "type": "boolean",
                     "description": "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is `false`. Conflicts with `ipv6_ipam_pool_id`\n"
                 },
+                "availabilityZoneCidrMask": {
+                    "type": "integer",
+                    "plain": true,
+                    "description": "The netmask for each available zone to be aligned to. This is optional, the default value is inferred based on an even distribution of available space from the VPC's CIDR block after being divided evenly by the number of availability zones."
+                },
                 "availabilityZoneNames": {
                     "type": "array",
                     "items": {

diff --git a/schemagen/pkg/gen/ec2.go b/schemagen/pkg/gen/ec2.go
@@ -104,10 +104,11 @@ func vpcResource(awsSpec schema.PackageSpec) schema.ResourceSpec {
 		},
 		"numberOfAvailabilityZones": {
 			Description: fmt.Sprintf("A number of availability zones to which the subnets defined in %v will be deployed. Optional, defaults to the first 3 AZs in the current region.", subnetSpecs),
-			TypeSpec: schema.TypeSpec{
-				Type:  "integer",
-				Plain: true,
-			},
+			TypeSpec:    plainInt(),
+		},
+		"availabilityZoneCidrMask": {
+			Description: "The netmask for each available zone to be aligned to. This is optional, the default value is inferred based on an even distribution of available space from the VPC's CIDR block after being divided evenly by the number of availability zones.",
+			TypeSpec:    plainInt(),
 		},
 		"cidrBlock": {
 			Description: "The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.",