feat: added new input variables to give full flexibility over VPC res…

…ource naming. New variables include: `vpc_flow_logs_name`, `public_gateway_name`, `routing_table_name`, `dns_custom_resolver_name`, `dns_instance_name`, and `dns_binding_name`. (#697)
terraform-ibm-modules · Jan 3, 2024 · 760689b · 760689b
1 parent d424eba
commit 760689b
Show file tree

Hide file tree

Showing 12 changed files with 152 additions and 53 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-11T14:29:11Z",
+  "generated_at": "2023-12-19T10:03:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

diff --git a/README.md b/README.md
@@ -58,6 +58,10 @@ module vpc {
 }
 ```
 
+### Resource naming
+
+The module automatically generates names for the all provisioned VPC resources using the `var.prefix` input variable. You can selectively override this behavior by giving explicit names through the following input variables: `name` (for VPC name), `dns_binding_name`, `dns_instance_name`, `dns_custom_resolver_name`, `routing_table_name`, `public_gateway_name`, and `vpc_flow_logs_name`.
+
 ### Subnets
 
  You can create a maximum of three zones in the [subnet.tf](subnet.tf) file. The zones are defined as lists in the file, and then are converted to objects before the resources are provisioned. The conversion ensures that the addition or deletion of subnets affects only the added or deleted subnets, as shown in the following example.
@@ -142,6 +146,9 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_default_network_acl_name"></a> [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | OPTIONAL - Name of the Default ACL. If null, a name will be automatically generated | `string` | `null` | no |
 | <a name="input_default_routing_table_name"></a> [default\_routing\_table\_name](#input\_default\_routing\_table\_name) | OPTIONAL - Name of the Default Routing Table. If null, a name will be automatically generated | `string` | `null` | no |
 | <a name="input_default_security_group_name"></a> [default\_security\_group\_name](#input\_default\_security\_group\_name) | OPTIONAL - Name of the Default Security Group. If null, a name will be automatically generated | `string` | `null` | no |
+| <a name="input_dns_binding_name"></a> [dns\_binding\_name](#input\_dns\_binding\_name) | The name to give the provisioned VPC DNS resolution binding. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no |
+| <a name="input_dns_custom_resolver_name"></a> [dns\_custom\_resolver\_name](#input\_dns\_custom\_resolver\_name) | The name to give the provisioned DNS custom resolver instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no |
+| <a name="input_dns_instance_name"></a> [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no |
 | <a name="input_dns_location"></a> [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no |
 | <a name="input_dns_plan"></a> [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no |
 | <a name="input_enable_hub"></a> [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no |
@@ -157,21 +164,24 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_hub_vpc_id"></a> [hub\_vpc\_id](#input\_hub\_vpc\_id) | Indicates the id of the hub VPC for DNS resolution. See https://cloud.ibm.com/docs/vpc?topic=vpc-hub-spoke-model. Mutually exclusive with hub\_vpc\_crn. | `string` | `null` | no |
 | <a name="input_is_flow_log_collector_active"></a> [is\_flow\_log\_collector\_active](#input\_is\_flow\_log\_collector\_active) | Indicates whether the collector is active. If false, this collector is created in inactive mode. | `bool` | `true` | no |
 | <a name="input_manual_servers"></a> [manual\_servers](#input\_manual\_servers) | The DNS server addresses to use for the VPC, replacing any existing servers. All the entries must either have a unique zone\_affinity, or not have a zone\_affinity. | <pre>list(object({<br>    address       = string<br>    zone_affinity = optional(string)<br>  }))</pre> | `[]` | no |
-| <a name="input_name"></a> [name](#input\_name) | The name to give the newly provisioned VPC. Only used if 'create\_vpc' is true. | `string` | `"dev"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Used for the naming of the VPC (if create\_vpc is set to true), as well as in the naming for any resources created inside the VPC (unless using one of the optional variables for explicit control over naming). | `string` | n/a | yes |
 | <a name="input_network_acls"></a> [network\_acls](#input\_network\_acls) | The list of ACLs to create. Provide at least one rule for each ACL. | <pre>list(<br>    object({<br>      name                         = string<br>      add_ibm_cloud_internal_rules = optional(bool)<br>      add_vpc_connectivity_rules   = optional(bool)<br>      prepend_ibm_rules            = optional(bool)<br>      rules = list(<br>        object({<br>          name        = string<br>          action      = string<br>          destination = string<br>          direction   = string<br>          source      = string<br>          tcp = optional(<br>            object({<br>              port_max        = optional(number)<br>              port_min        = optional(number)<br>              source_port_max = optional(number)<br>              source_port_min = optional(number)<br>            })<br>          )<br>          udp = optional(<br>            object({<br>              port_max        = optional(number)<br>              port_min        = optional(number)<br>              source_port_max = optional(number)<br>              source_port_min = optional(number)<br>            })<br>          )<br>          icmp = optional(<br>            object({<br>              type = optional(number)<br>              code = optional(number)<br>            })<br>          )<br>        })<br>      )<br>    })<br>  )</pre> | <pre>[<br>  {<br>    "add_ibm_cloud_internal_rules": true,<br>    "add_vpc_connectivity_rules": true,<br>    "name": "vpc-acl",<br>    "prepend_ibm_rules": true,<br>    "rules": []<br>  }<br>]</pre> | no |
 | <a name="input_network_cidrs"></a> [network\_cidrs](#input\_network\_cidrs) | List of Network CIDRs for the VPC. This is used to manage network ACL rules for cluster provisioning. | `list(string)` | <pre>[<br>  "10.0.0.0/8"<br>]</pre> | no |
-| <a name="input_prefix"></a> [prefix](#input\_prefix) | The value that you would like to prefix to the name of the resources provisioned by this module. Explicitly set to null if you do not wish to use a prefix. | `string` | `null` | no |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | The value that you would like to prefix to the name of the resources provisioned by this module. Explicitly set to null if you do not wish to use a prefix. This value is ignored if using one of the optional variables for explicit control over naming. | `string` | `null` | no |
+| <a name="input_public_gateway_name"></a> [public\_gateway\_name](#input\_public\_gateway\_name) | The name to give the provisioned VPC public gateways. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region to which to deploy the VPC | `string` | n/a | yes |
 | <a name="input_resolver_type"></a> [resolver\_type](#input\_resolver\_type) | Resolver type. Can be system or manual. For delegated resolver type, see the update\_delegated\_resolver variable instead. | `string` | `null` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the VPC to be created | `string` | n/a | yes |
 | <a name="input_routes"></a> [routes](#input\_routes) | OPTIONAL - Allows you to specify the next hop for packets based on their destination address | <pre>list(<br>    object({<br>      name                          = string<br>      route_direct_link_ingress     = optional(bool)<br>      route_transit_gateway_ingress = optional(bool)<br>      route_vpc_zone_ingress        = optional(bool)<br>      routes = optional(<br>        list(<br>          object({<br>            action      = optional(string)<br>            zone        = number<br>            destination = string<br>            next_hop    = string<br>          })<br>      ))<br>    })<br>  )</pre> | `[]` | no |
+| <a name="input_routing_table_name"></a> [routing\_table\_name](#input\_routing\_table\_name) | The name to give the provisioned routing tables. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no |
 | <a name="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules) | A list of security group rules to be added to the default vpc security group (default empty) | <pre>list(<br>    object({<br>      name      = string<br>      direction = string<br>      remote    = string<br>      tcp = optional(<br>        object({<br>          port_max = optional(number)<br>          port_min = optional(number)<br>        })<br>      )<br>      udp = optional(<br>        object({<br>          port_max = optional(number)<br>          port_min = optional(number)<br>        })<br>      )<br>      icmp = optional(<br>        object({<br>          type = optional(number)<br>          code = optional(number)<br>        })<br>      )<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_skip_custom_resolver_hub_creation"></a> [skip\_custom\_resolver\_hub\_creation](#input\_skip\_custom\_resolver\_hub\_creation) | Indicates whether to skip the configuration of a custom resolver in the hub VPC. Only relevant if enable\_hub is set to true. | `bool` | `false` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created | <pre>object({<br>    zone-1 = list(object({<br>      name           = string<br>      cidr           = string<br>      public_gateway = optional(bool)<br>      acl_name       = string<br>    }))<br>    zone-2 = optional(list(object({<br>      name           = string<br>      cidr           = string<br>      public_gateway = optional(bool)<br>      acl_name       = string<br>    })))<br>    zone-3 = optional(list(object({<br>      name           = string<br>      cidr           = string<br>      public_gateway = optional(bool)<br>      acl_name       = string<br>    })))<br>  })</pre> | <pre>{<br>  "zone-1": [<br>    {<br>      "acl_name": "vpc-acl",<br>      "cidr": "10.10.10.0/24",<br>      "name": "subnet-a",<br>      "public_gateway": true<br>    }<br>  ],<br>  "zone-2": [<br>    {<br>      "acl_name": "vpc-acl",<br>      "cidr": "10.20.10.0/24",<br>      "name": "subnet-b",<br>      "public_gateway": true<br>    }<br>  ],<br>  "zone-3": [<br>    {<br>      "acl_name": "vpc-acl",<br>      "cidr": "10.30.10.0/24",<br>      "name": "subnet-c",<br>      "public_gateway": false<br>    }<br>  ]<br>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | List of Tags for the resource created | `list(string)` | `null` | no |
 | <a name="input_update_delegated_resolver"></a> [update\_delegated\_resolver](#input\_update\_delegated\_resolver) | If set to true, and if the vpc is configured to be a spoke for DNS resolution (enable\_hub\_vpc\_crn or enable\_hub\_vpc\_id set), then the spoke VPC resolver will be updated to a delegated resolver. | `bool` | `false` | no |
 | <a name="input_use_existing_dns_instance"></a> [use\_existing\_dns\_instance](#input\_use\_existing\_dns\_instance) | Whether to use an existing dns instance. If true, existing\_dns\_instance\_id must be set. | `bool` | `false` | no |
 | <a name="input_use_public_gateways"></a> [use\_public\_gateways](#input\_use\_public\_gateways) | Create a public gateway in any of the three zones with `true`. | <pre>object({<br>    zone-1 = optional(bool)<br>    zone-2 = optional(bool)<br>    zone-3 = optional(bool)<br>  })</pre> | <pre>{<br>  "zone-1": true,<br>  "zone-2": false,<br>  "zone-3": false<br>}</pre> | no |
+| <a name="input_vpc_flow_logs_name"></a> [vpc\_flow\_logs\_name](#input\_vpc\_flow\_logs\_name) | The name to give the provisioned VPC flow logs. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no |
 
 ### Outputs
 

diff --git a/examples/existing_vpc/main.tf b/examples/existing_vpc/main.tf
@@ -16,5 +16,7 @@ module "slz_vpc" {
   create_vpc          = false
   existing_vpc_id     = var.vpc_id
   create_subnets      = false
+  name                = var.name
+  public_gateway_name = var.public_gateway_name
   existing_subnet_ids = var.subnet_ids
 }
diff --git a/examples/existing_vpc/variables.tf b/examples/existing_vpc/variables.tf
@@ -9,10 +9,17 @@ variable "region" {
   type        = string
   default     = "us-south"
 }
+
 variable "vpc_id" {
   description = "The ID of the VPC where the VSI will be created."
   type        = string
 }
+
+variable "public_gateway_name" {
+  description = "The name of the public gateway"
+  type        = string
+}
+
 variable "subnet_ids" {
   description = "The ID of the VPC where the VSI will be created."
   type        = list(string)
@@ -22,3 +29,9 @@ variable "existing_resource_group_name" {
   type        = string
   description = "An existing resource group name to use for this example."
 }
+
+variable "name" {
+  description = "The string is used as a prefix for the naming of VPC resources."
+  type        = string
+  default     = null
+}
diff --git a/examples/hub-spoke-delegated-resolver/main.tf b/examples/hub-spoke-delegated-resolver/main.tf
@@ -19,7 +19,7 @@ module "hub_vpc" {
   resource_group_id = module.resource_group.resource_group_id
   region            = var.region
   name              = "hub"
-  prefix            = var.prefix
+  prefix            = "${var.prefix}-hub"
   tags              = var.resource_tags
   enable_hub        = true
   subnets = {
@@ -56,7 +56,7 @@ module "spoke_vpc" {
   resource_group_id         = module.resource_group.resource_group_id
   region                    = var.region
   name                      = "spoke"
-  prefix                    = var.prefix
+  prefix                    = "${var.prefix}-spoke"
   tags                      = var.resource_tags
   hub_vpc_crn               = module.hub_vpc.vpc_crn
   enable_hub_vpc_crn        = true

diff --git a/examples/hub-spoke-manual-resolver/main.tf b/examples/hub-spoke-manual-resolver/main.tf
@@ -19,7 +19,7 @@ module "hub_vpc" {
   resource_group_id = module.resource_group.resource_group_id
   region            = var.region
   name              = "hub"
-  prefix            = var.prefix
+  prefix            = "${var.prefix}-hub"
   tags              = var.resource_tags
   enable_hub        = true
   subnets = {
@@ -56,7 +56,7 @@ module "spoke_vpc" {
   resource_group_id         = module.resource_group.resource_group_id
   region                    = var.region
   name                      = "spoke"
-  prefix                    = var.prefix
+  prefix                    = "${var.prefix}-spoke"
   tags                      = var.resource_tags
   hub_vpc_crn               = module.hub_vpc.vpc_crn
   enable_hub_vpc_crn        = true

diff --git a/examples/landing_zone/main.tf b/examples/landing_zone/main.tf
@@ -36,7 +36,7 @@ module "workload_vpc" {
   source                                 = "../../landing-zone-submodule/workload-vpc/"
   resource_group_id                      = module.resource_group.resource_group_id
   region                                 = var.region
-  prefix                                 = var.prefix
+  prefix                                 = "${var.prefix}-workload"
   tags                                   = var.resource_tags
   access_tags                            = var.access_tags
   enable_vpc_flow_logs                   = var.enable_vpc_flow_logs
@@ -51,7 +51,7 @@ module "management_vpc" {
   source               = "../../landing-zone-submodule/management-vpc/"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
-  prefix               = var.prefix
+  prefix               = "${var.prefix}-management"
   tags                 = var.resource_tags
   clean_default_sg_acl = true
 }

diff --git a/examples/no-prefix/main.tf b/examples/no-prefix/main.tf
@@ -38,6 +38,9 @@ module "slz_vpc" {
   resource_group_id                      = module.resource_group.resource_group_id
   region                                 = var.region
   name                                   = var.name
+  routing_table_name                     = "${var.name}-routing-table"
+  public_gateway_name                    = "${var.name}-public-gateway"
+  vpc_flow_logs_name                     = "${var.name}-flow-logs"
   prefix                                 = null
   tags                                   = var.resource_tags
   access_tags                            = []