Merge pull request #17 from unifio/vgw-prop-support

VGW route propagation support
unifio · Jun 8, 2016 · 6134b64 · 6134b64
2 parents 8632644 + c6244bf
commit 6134b64
Show file tree

Hide file tree

Showing 16 changed files with 159 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 ## Unreleased
 
+## 0.2.3 (June 8, 2016)
+
+#### IMPROVEMENTS:
+* Added support for VGW route propagation for routing tables.
+* Added support for VPG creation without VPC attachment. Necessary to avoid chicken-and-egg scenario when configuring VPC for VPG route propagation.
+
 ## 0.2.2 (June 2, 2016)
 
 #### IMPROVEMENTS:

diff --git a/README.md b/README.md
@@ -26,6 +26,8 @@ The Base module provisions the VPC, attaches an Internet Gateway, and creates NA
 - `enable_hostnames` - (Optional) Specifies whether the instances launched in the VPC get DNS hostnames. Defaults to true.
 - `enable_classiclink` - (Optional) Specifies whether ClassicLink is enabled for the VPC. Defaults to false.
 - `flow_log_traffic_type` - (Optional) The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL.
+- `rt_vgw_prop` - (Optional) Specifies whether virtual gateway route propagation should be enabled on the routing table(s). Valid values: 0 or 1. Defaults to 0 (disabled).
+- `vgw_ids` - (Optional) A list of virtual gateways to associate with the routing tables for route propagation.
 
 
 ### Usage ###
@@ -93,6 +95,7 @@ Creates a VPC VPN Gateway
 
 - `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
 - `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
+- `vpc_attach` - Specifies whether the VPG should be associated with a VPC. Valid value: 0 or 1. Defaults to 0 (unattached).
 - `vpc_id` - The VPC to associate the VPG with.
 
 ### Usage
@@ -102,6 +105,7 @@ The usage examples may assume that previous modules in this stack have already b
 ```js
 module "vpg" {
   source              = "github.com/terraform-aws-vpc//vpg"
+  vpc_attach          = 1
   vpc_id              = "${module.vpc_base.vpc_id}"
   stack_item_fullname = "Stack Item Description"
   stack_item_label    = "mystack1"
@@ -128,6 +132,8 @@ In each Availability Zone provided, this module provisions subnets and routing t
 - `lans_per_az` - (Optional) The number of private LAN subnets to be provisioned per AZ.  You will need to double the CIDR blocks specified in the `lan_cidr` variable for each increase in this value.  Defaults to 1.
 - `enable_dmz_public_ips` - (Optional) Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address.  Defaults to true.
 - `rt_dmz_id` - The ID of the DMZ routing table.
+- `rt_vgw_prop` - (Optional) Specifies whether virtual gateway route propagation should be enabled on the routing table(s). Valid values: 0 or 1. Defaults to 0 (disabled).
+- `vgw_ids` - (Optional) A list of virtual gateways to associate with the routing tables for route propagation.
 
 ### Usage ###
 
@@ -146,6 +152,8 @@ module "AZs" {
     lans_per_az           = "1"
     enable_dmz_public_ips = true
     rt_dmz_id             = "${module.vpc_base.rt_dmz_id}"
+    rt_vgw_prop           = 1
+    vgw_ids               = "${aws_vpn_gateway.vpg.id}"
 }
 ```
 

diff --git a/az/main.tf b/az/main.tf
@@ -53,20 +53,20 @@ resource "aws_subnet" "lan" {
 }
 
 ### Provisions routing table
-resource "aws_route_table" "rt_lan" {
-  count  = "${length(split(",",var.az)) * var.lans_per_az}"
-  vpc_id = "${var.vpc_id}"
+module "rt_lan" {
+  source = "../rt"
 
-  tags {
-    Name        = "${var.stack_item_label}-lan-${count.index}"
-    application = "${var.stack_item_fullname}"
-    managed_by  = "terraform"
-  }
+  rt_count            = "${length(split(",",var.az)) * var.lans_per_az}"
+  stack_item_label    = "${var.stack_item_label}-lan"
+  stack_item_fullname = "${var.stack_item_fullname}"
+  vpc_id              = "${var.vpc_id}"
+  vgw_prop            = "${signum(var.rt_vgw_prop)}"
+  vgw_ids             = "${var.vgw_ids}"
 }
 
 ### Associates subnet with routing table
 resource "aws_route_table_association" "rta_lan" {
   count          = "${length(split(",",var.az)) * var.lans_per_az}"
   subnet_id      = "${element(aws_subnet.lan.*.id,count.index)}"
-  route_table_id = "${element(aws_route_table.rt_lan.*.id,count.index)}"
+  route_table_id = "${element(split(",",module.rt_lan.rt_id),count.index)}"
 }
diff --git a/az/outputs.tf b/az/outputs.tf
@@ -29,5 +29,5 @@ output "nat_id" {
 
 ## Returns the routing table ID
 output "rt_lan_id" {
-  value = "${join(",",aws_route_table.rt_lan.*.id)}"
+  value = "${module.rt_lan.rt_id}"
 }
diff --git a/az/variables.tf b/az/variables.tf
@@ -53,3 +53,15 @@ variable "rt_dmz_id" {
   type        = "string"
   description = "The ID of the DMZ routing table"
 }
+
+variable "rt_vgw_prop" {
+  type        = "string"
+  description = "Specifies whether virtual gateway route propagation should be enabled on the routing table(s)"
+  default     = 0
+}
+
+variable "vgw_ids" {
+  type        = "string"
+  description = "A list of virtual gateways to associate with the routing tables for route propagation."
+  default     = ""
+}
diff --git a/base/main.tf b/base/main.tf
@@ -27,14 +27,15 @@ resource "aws_internet_gateway" "igw" {
 }
 
 ## Provisions DMZ routing table
-resource "aws_route_table" "rt_dmz" {
-  vpc_id = "${aws_vpc.vpc.id}"
+module "rt_dmz" {
+  source = "../rt"
 
-  tags {
-    Name        = "${var.stack_item_label}-dmz"
-    application = "${var.stack_item_fullname}"
-    managed_by  = "terraform"
-  }
+  rt_count            = 1
+  stack_item_label    = "${var.stack_item_label}-dmz"
+  stack_item_fullname = "${var.stack_item_fullname}"
+  vpc_id              = "${aws_vpc.vpc.id}"
+  vgw_prop            = "${signum(var.rt_vgw_prop)}"
+  vgw_ids             = "${var.vgw_ids}"
 }
 
 ## Provisions VPC flow log

diff --git a/base/outputs.tf b/base/outputs.tf
@@ -12,9 +12,10 @@ output "igw_id" {
 
 ## Returns ID of the DMZ routing table
 output "rt_dmz_id" {
-  value = "${aws_route_table.rt_dmz.id}"
+  value = "${module.rt_dmz.rt_id}"
 }
 
+## Returns ID of the VPC flow log
 output "flow_log_id" {
   value = "${aws_flow_log.flow_log.id}"
 }
diff --git a/base/variables.tf b/base/variables.tf
@@ -46,3 +46,15 @@ variable "flow_log_traffic_type" {
   description = "The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL"
   default     = "ALL"
 }
+
+variable "rt_vgw_prop" {
+  type        = "string"
+  description = "Specifies whether virtual gateway route propagation should be enabled on the routing table(s)"
+  default     = 0
+}
+
+variable "vgw_ids" {
+  type        = "string"
+  description = "A list of virtual gateways to associate with the routing tables for route propagation."
+  default     = ""
+}
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -36,6 +36,17 @@ module "vpc_az" {
   rt_dmz_id             = "${module.vpc_base.rt_dmz_id}"
 }
 
+## Configures Virtual Private Gateway
+module "vpc_vpg" {
+  # Example GitHub source
+  #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg"
+  source = "../../vpg"
+
+  vpc_attach          = 0
+  stack_item_label    = "${var.stack_item_label}"
+  stack_item_fullname = "${var.stack_item_fullname}"
+}
+
 ## Configures routing
 resource "aws_route" "dmz-to-igw" {
   count                  = "${length(split(",",lookup(var.az,var.region)))}"

diff --git a/examples/full_stack/main.tf b/examples/full_stack/main.tf
@@ -50,6 +50,7 @@ module "vpc_vpg" {
   #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg"
   source = "../../vpg"
 
+  vpc_attach          = 1
   vpc_id              = "${module.vpc_base.vpc_id}"
   stack_item_label    = "${var.stack_item_label}"
   stack_item_fullname = "${var.stack_item_fullname}"
@@ -69,6 +70,8 @@ module "vpc_az" {
   lan_cidr            = "${cidrsubnet(var.vpc_cidr,4,8)},${cidrsubnet(var.vpc_cidr,4,9)},${cidrsubnet(var.vpc_cidr,4,10)},${cidrsubnet(var.vpc_cidr,4,13)},${cidrsubnet(var.vpc_cidr,4,14)},${cidrsubnet(var.vpc_cidr,4,15)}"
   lans_per_az         = "${var.lans_per_az}"
   rt_dmz_id           = "${module.vpc_base.rt_dmz_id}"
+  rt_vgw_prop         = 1
+  vgw_ids             = "${module.vpc_vpg.vpg_id}"
 }
 
 ## Configures routing

diff --git a/rt/main.tf b/rt/main.tf
@@ -0,0 +1,24 @@
+# Route table
+
+resource "aws_route_table" "rt" {
+  count  = "${(var.vgw_prop + 1 % 2) * var.rt_count}"
+  vpc_id = "${var.vpc_id}"
+
+  tags {
+    Name        = "${var.stack_item_label}-${count.index}"
+    application = "${var.stack_item_fullname}"
+    managed_by  = "terraform"
+  }
+}
+
+resource "aws_route_table" "rt_vgw_prop" {
+  count            = "${var.vgw_prop * var.rt_count}"
+  vpc_id           = "${var.vpc_id}"
+  propagating_vgws = ["${split(",",var.vgw_ids)}"]
+
+  tags {
+    Name        = "${var.stack_item_label}-${count.index}"
+    application = "${var.stack_item_fullname}"
+    managed_by  = "terraform"
+  }
+}
diff --git a/rt/outputs.tf b/rt/outputs.tf
@@ -0,0 +1,5 @@
+# Outputs
+
+output "rt_id" {
+  value = "${coalesce(join(",",aws_route_table.rt.*.id),join(",",aws_route_table.rt_vgw_prop.*.id))}"
+}
diff --git a/rt/variables.tf b/rt/variables.tf
@@ -0,0 +1,27 @@
+# Input Variables
+
+## Resource Tags
+variable "stack_item_label" {
+  type = "string"
+}
+
+variable "stack_item_fullname" {
+  type = "string"
+}
+
+## VPC parameters
+variable "vpc_id" {
+  type = "string"
+}
+
+variable "vgw_prop" {
+  type = "string"
+}
+
+variable "vgw_ids" {
+  type = "string"
+}
+
+variable "rt_count" {
+  type = "string"
+}
diff --git a/vpg/main.tf b/vpg/main.tf
@@ -2,6 +2,7 @@
 
 # Gateway configuration
 resource "aws_vpn_gateway" "vpg" {
+  count  = "${signum(var.vpc_attach)}"
   vpc_id = "${var.vpc_id}"
 
   tags {
@@ -10,3 +11,13 @@ resource "aws_vpn_gateway" "vpg" {
     managed_by  = "terraform"
   }
 }
+
+resource "aws_vpn_gateway" "vpg_unattached" {
+  count = "${signum(var.vpc_attach) + 1 % 2}"
+
+  tags {
+    Name        = "${var.stack_item_label}-vpg"
+    application = "${var.stack_item_fullname}"
+    managed_by  = "terraform"
+  }
+}
diff --git a/vpg/outputs.tf b/vpg/outputs.tf
@@ -2,5 +2,5 @@
 
 ## Returns ID of the VPG
 output "vpg_id" {
-  value = "${aws_vpn_gateway.vpg.id}"
+  value = "${coalesce(join(",",aws_vpn_gateway.vpg.*.id),join(",",aws_vpn_gateway.vpg_unattached.*.id))}"
 }
diff --git a/vpg/variables.tf b/vpg/variables.tf
@@ -1,9 +1,25 @@
 # Input Variables
 
 ## Resource tags
-variable "stack_item_label" {}
+variable "stack_item_label" {
+  type        = "string"
+  description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use."
+}
 
-variable "stack_item_fullname" {}
+variable "stack_item_fullname" {
+  type        = "string"
+  description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item."
+}
 
 ## VPC parameters
-variable "vpc_id" {}
+variable "vpc_id" {
+  type        = "string"
+  description = "The ID of the VPC"
+  default     = ""
+}
+
+variable "vpc_attach" {
+  type        = "string"
+  description = "Specifies whether the VPG should be associated with a VPC."
+  default     = 0
+}