feat: enhance naming for vpc resources and fix prefix checks

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-11T14:29:11Z",
+  "generated_at": "2023-12-19T10:03:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

README.md

@@ -58,6 +58,10 @@ module vpc {
 }
 ```
 
+### Resource naming
+
+The module automatically generates names for the all provisioned VPC resources using the `var.prefix` input variable. You can selectively override this behavior by giving explicit names through the following input variables: `dns_binding_name`, `dns_instance_name`, `dns_custom_resolver_name`, `routing_table_name`, `public_gateway_name`, and `vpc_flow_logs_name`.
+
 ### Subnets
 
  You can create a maximum of three zones in the [subnet.tf](subnet.tf) file. The zones are defined as lists in the file, and then are converted to objects before the resources are provisioned. The conversion ensures that the addition or deletion of subnets affects only the added or deleted subnets, as shown in the following example.
@@ -142,6 +146,9 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_default_network_acl_name"></a> [default\_network\_acl\_name](#input\_default\_network\_acl\_name) | OPTIONAL - Name of the Default ACL. If null, a name will be automatically generated | `string` | `null` | no |
 | <a name="input_default_routing_table_name"></a> [default\_routing\_table\_name](#input\_default\_routing\_table\_name) | OPTIONAL - Name of the Default Routing Table. If null, a name will be automatically generated | `string` | `null` | no |
 | <a name="input_default_security_group_name"></a> [default\_security\_group\_name](#input\_default\_security\_group\_name) | OPTIONAL - Name of the Default Security Group. If null, a name will be automatically generated | `string` | `null` | no |
+| <a name="input_dns_binding_name"></a> [dns\_binding\_name](#input\_dns\_binding\_name) | The name to give the provisioned VPC DNS resolution binding. If not set, the module generates a name based on the var.prefix variable. | `string` | `null` | no |
+| <a name="input_dns_custom_resolver_name"></a> [dns\_custom\_resolver\_name](#input\_dns\_custom\_resolver\_name) | The name to give the provisioned DNS custom resolver instance. If not set, the module generates a name based on the var.prefix variable. | `string` | `null` | no |
+| <a name="input_dns_instance_name"></a> [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the var.prefix variable. | `string` | `null` | no |
 | <a name="input_dns_location"></a> [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no |
 | <a name="input_dns_plan"></a> [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no |
 | <a name="input_enable_hub"></a> [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no |
@@ -157,21 +164,24 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_hub_vpc_id"></a> [hub\_vpc\_id](#input\_hub\_vpc\_id) | Indicates the id of the hub VPC for DNS resolution. See https://cloud.ibm.com/docs/vpc?topic=vpc-hub-spoke-model. Mutually exclusive with hub\_vpc\_crn. | `string` | `null` | no |
 | <a name="input_is_flow_log_collector_active"></a> [is\_flow\_log\_collector\_active](#input\_is\_flow\_log\_collector\_active) | Indicates whether the collector is active. If false, this collector is created in inactive mode. | `bool` | `true` | no |
 | <a name="input_manual_servers"></a> [manual\_servers](#input\_manual\_servers) | The DNS server addresses to use for the VPC, replacing any existing servers. All the entries must either have a unique zone\_affinity, or not have a zone\_affinity. | <pre>list(object({<br>    address       = string<br>    zone_affinity = optional(string)<br>  }))</pre> | `[]` | no |
-| <a name="input_name"></a> [name](#input\_name) | The name to give the newly provisioned VPC. Only used if 'create\_vpc' is true. | `string` | `"dev"` | no |
+| <a name="input_name"></a> [name](#input\_name) | The string to use for the naming of VPC, when var.create\_vpc is true. This string is also used as a prefix for the naming of VPC resources. | `string` | `null` | no |
 | <a name="input_network_acls"></a> [network\_acls](#input\_network\_acls) | The list of ACLs to create. Provide at least one rule for each ACL. | <pre>list(<br>    object({<br>      name                         = string<br>      add_ibm_cloud_internal_rules = optional(bool)<br>      add_vpc_connectivity_rules   = optional(bool)<br>      prepend_ibm_rules            = optional(bool)<br>      rules = list(<br>        object({<br>          name        = string<br>          action      = string<br>          destination = string<br>          direction   = string<br>          source      = string<br>          tcp = optional(<br>            object({<br>              port_max        = optional(number)<br>              port_min        = optional(number)<br>              source_port_max = optional(number)<br>              source_port_min = optional(number)<br>            })<br>          )<br>          udp = optional(<br>            object({<br>              port_max        = optional(number)<br>              port_min        = optional(number)<br>              source_port_max = optional(number)<br>              source_port_min = optional(number)<br>            })<br>          )<br>          icmp = optional(<br>            object({<br>              type = optional(number)<br>              code = optional(number)<br>            })<br>          )<br>        })<br>      )<br>    })<br>  )</pre> | <pre>[<br>  {<br>    "add_ibm_cloud_internal_rules": true,<br>    "add_vpc_connectivity_rules": true,<br>    "name": "vpc-acl",<br>    "prepend_ibm_rules": true,<br>    "rules": []<br>  }<br>]</pre> | no |
 | <a name="input_network_cidrs"></a> [network\_cidrs](#input\_network\_cidrs) | List of Network CIDRs for the VPC. This is used to manage network ACL rules for cluster provisioning. | `list(string)` | <pre>[<br>  "10.0.0.0/8"<br>]</pre> | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | The value that you would like to prefix to the name of the resources provisioned by this module. Explicitly set to null if you do not wish to use a prefix. | `string` | `null` | no |
+| <a name="input_public_gateway_name"></a> [public\_gateway\_name](#input\_public\_gateway\_name) | The name to give the provisioned VPC public gateway. If not set, the module generates a name based on the var.prefix variable. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | The region to which to deploy the VPC | `string` | n/a | yes |
 | <a name="input_resolver_type"></a> [resolver\_type](#input\_resolver\_type) | Resolver type. Can be system or manual. For delegated resolver type, see the update\_delegated\_resolver variable instead. | `string` | `null` | no |
 | <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the VPC to be created | `string` | n/a | yes |
 | <a name="input_routes"></a> [routes](#input\_routes) | OPTIONAL - Allows you to specify the next hop for packets based on their destination address | <pre>list(<br>    object({<br>      name                          = string<br>      route_direct_link_ingress     = optional(bool)<br>      route_transit_gateway_ingress = optional(bool)<br>      route_vpc_zone_ingress        = optional(bool)<br>      routes = optional(<br>        list(<br>          object({<br>            action      = optional(string)<br>            zone        = number<br>            destination = string<br>            next_hop    = string<br>          })<br>      ))<br>    })<br>  )</pre> | `[]` | no |
+| <a name="input_routing_table_name"></a> [routing\_table\_name](#input\_routing\_table\_name) | The name to give the provisioned routing table. If not set, the module generates a name based on the var.prefix variable. | `string` | `null` | no |
 | <a name="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules) | A list of security group rules to be added to the default vpc security group (default empty) | <pre>list(<br>    object({<br>      name      = string<br>      direction = string<br>      remote    = string<br>      tcp = optional(<br>        object({<br>          port_max = optional(number)<br>          port_min = optional(number)<br>        })<br>      )<br>      udp = optional(<br>        object({<br>          port_max = optional(number)<br>          port_min = optional(number)<br>        })<br>      )<br>      icmp = optional(<br>        object({<br>          type = optional(number)<br>          code = optional(number)<br>        })<br>      )<br>    })<br>  )</pre> | `[]` | no |
 | <a name="input_skip_custom_resolver_hub_creation"></a> [skip\_custom\_resolver\_hub\_creation](#input\_skip\_custom\_resolver\_hub\_creation) | Indicates whether to skip the configuration of a custom resolver in the hub VPC. Only relevant if enable\_hub is set to true. | `bool` | `false` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created | <pre>object({<br>    zone-1 = list(object({<br>      name           = string<br>      cidr           = string<br>      public_gateway = optional(bool)<br>      acl_name       = string<br>    }))<br>    zone-2 = optional(list(object({<br>      name           = string<br>      cidr           = string<br>      public_gateway = optional(bool)<br>      acl_name       = string<br>    })))<br>    zone-3 = optional(list(object({<br>      name           = string<br>      cidr           = string<br>      public_gateway = optional(bool)<br>      acl_name       = string<br>    })))<br>  })</pre> | <pre>{<br>  "zone-1": [<br>    {<br>      "acl_name": "vpc-acl",<br>      "cidr": "10.10.10.0/24",<br>      "name": "subnet-a",<br>      "public_gateway": true<br>    }<br>  ],<br>  "zone-2": [<br>    {<br>      "acl_name": "vpc-acl",<br>      "cidr": "10.20.10.0/24",<br>      "name": "subnet-b",<br>      "public_gateway": true<br>    }<br>  ],<br>  "zone-3": [<br>    {<br>      "acl_name": "vpc-acl",<br>      "cidr": "10.30.10.0/24",<br>      "name": "subnet-c",<br>      "public_gateway": false<br>    }<br>  ]<br>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | List of Tags for the resource created | `list(string)` | `null` | no |
 | <a name="input_update_delegated_resolver"></a> [update\_delegated\_resolver](#input\_update\_delegated\_resolver) | If set to true, and if the vpc is configured to be a spoke for DNS resolution (enable\_hub\_vpc\_crn or enable\_hub\_vpc\_id set), then the spoke VPC resolver will be updated to a delegated resolver. | `bool` | `false` | no |
 | <a name="input_use_existing_dns_instance"></a> [use\_existing\_dns\_instance](#input\_use\_existing\_dns\_instance) | Whether to use an existing dns instance. If true, existing\_dns\_instance\_id must be set. | `bool` | `false` | no |
 | <a name="input_use_public_gateways"></a> [use\_public\_gateways](#input\_use\_public\_gateways) | Create a public gateway in any of the three zones with `true`. | <pre>object({<br>    zone-1 = optional(bool)<br>    zone-2 = optional(bool)<br>    zone-3 = optional(bool)<br>  })</pre> | <pre>{<br>  "zone-1": true,<br>  "zone-2": false,<br>  "zone-3": false<br>}</pre> | no |
+| <a name="input_vpc_flow_logs_name"></a> [vpc\_flow\_logs\_name](#input\_vpc\_flow\_logs\_name) | The name to give the provisioned VPC flow logs. If not set, the module generates a name based on the var.prefix variable. | `string` | `null` | no |
 
 ### Outputs
 

dynamic_values.tf

@@ -4,7 +4,7 @@
 
 module "dynamic_values" {
   source               = "./dynamic_values"
-  prefix               = var.prefix != null ? "${var.prefix}-${var.name}" : var.name
+  prefix               = var.prefix != null ? "${var.prefix}-vpc" : var.name
   region               = var.region
   address_prefixes     = var.address_prefixes
   routes               = var.routes

examples/default/main.tf

@@ -39,7 +39,6 @@ module "slz_vpc" {
   source                                 = "../../"
   resource_group_id                      = module.resource_group.resource_group_id
   region                                 = var.region
-  name                                   = var.name
   prefix                                 = var.prefix
   tags                                   = var.resource_tags
   access_tags                            = var.access_tags

examples/default/variables.tf

@@ -16,12 +16,6 @@ variable "prefix" {
   default     = "def-slz-vpc"
 }
 
-variable "name" {
-  description = "The name of the vpc"
-  type        = string
-  default     = "vpc"
-}
-
 variable "resource_group" {
   type        = string
   description = "An existing resource group name to use for this example, if unset a new resource group will be created"

examples/existing_vpc/main.tf

@@ -16,5 +16,7 @@ module "slz_vpc" {
   create_vpc          = false
   existing_vpc_id     = var.vpc_id
   create_subnets      = false
+  name                = var.name
+  public_gateway_name = var.public_gateway_name
   existing_subnet_ids = var.subnet_ids
 }

examples/existing_vpc/variables.tf

@@ -9,10 +9,17 @@ variable "region" {
   type        = string
   default     = "us-south"
 }
+
 variable "vpc_id" {
   description = "The ID of the VPC where the VSI will be created."
   type        = string
 }
+
+variable "public_gateway_name" {
+  description = "The name of the public gateway"
+  type        = string
+}
+
 variable "subnet_ids" {
   description = "The ID of the VPC where the VSI will be created."
   type        = list(string)
@@ -22,3 +29,9 @@ variable "existing_resource_group_name" {
   type        = string
   description = "An existing resource group name to use for this example."
 }
+
+variable "name" {
+  description = "The string is used as a prefix for the naming of VPC resources."
+  type        = string
+  default     = null
+}

examples/hub-spoke-delegated-resolver/main.tf

@@ -19,7 +19,7 @@ module "hub_vpc" {
   resource_group_id = module.resource_group.resource_group_id
   region            = var.region
   name              = "hub"
-  prefix            = var.prefix
+  prefix            = "${var.prefix}-hub"
   tags              = var.resource_tags
   enable_hub        = true
   subnets = {
@@ -56,7 +56,7 @@ module "spoke_vpc" {
   resource_group_id         = module.resource_group.resource_group_id
   region                    = var.region
   name                      = "spoke"
-  prefix                    = var.prefix
+  prefix                    = "${var.prefix}-spoke"
   tags                      = var.resource_tags
   hub_vpc_crn               = module.hub_vpc.vpc_crn
   enable_hub_vpc_crn        = true

examples/hub-spoke-manual-resolver/main.tf

@@ -19,7 +19,7 @@ module "hub_vpc" {
   resource_group_id = module.resource_group.resource_group_id
   region            = var.region
   name              = "hub"
-  prefix            = var.prefix
+  prefix            = "${var.prefix}-hub"
   tags              = var.resource_tags
   enable_hub        = true
   subnets = {
@@ -56,7 +56,7 @@ module "spoke_vpc" {
   resource_group_id         = module.resource_group.resource_group_id
   region                    = var.region
   name                      = "spoke"
-  prefix                    = var.prefix
+  prefix                    = "${var.prefix}-spoke"
   tags                      = var.resource_tags
   hub_vpc_crn               = module.hub_vpc.vpc_crn
   enable_hub_vpc_crn        = true

examples/landing_zone/main.tf

@@ -36,7 +36,7 @@ module "workload_vpc" {
   source                                 = "../../landing-zone-submodule/workload-vpc/"
   resource_group_id                      = module.resource_group.resource_group_id
   region                                 = var.region
-  prefix                                 = var.prefix
+  prefix                                 = "${var.prefix}-workload"
   tags                                   = var.resource_tags
   access_tags                            = var.access_tags
   enable_vpc_flow_logs                   = var.enable_vpc_flow_logs
@@ -51,7 +51,7 @@ module "management_vpc" {
   source               = "../../landing-zone-submodule/management-vpc/"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
-  prefix               = var.prefix
+  prefix               = "${var.prefix}-management"
   tags                 = var.resource_tags
   clean_default_sg_acl = true
 }

examples/no-prefix/main.tf

@@ -38,6 +38,9 @@ module "slz_vpc" {
   resource_group_id                      = module.resource_group.resource_group_id
   region                                 = var.region
   name                                   = var.name
+  routing_table_name                     = "${var.name}-routing-table"
+  public_gateway_name                    = "${var.name}-public-gateway"
+  vpc_flow_logs_name                     = "${var.name}-flow-logs"
   prefix                                 = null
   tags                                   = var.resource_tags
   access_tags                            = []