From dac88049d3c5105c9699b08d24d8ad770efff846 Mon Sep 17 00:00:00 2001
From: Nuru
Date: Mon, 10 May 2021 10:19:46 -0700
Subject: [PATCH] Do not require NAT gateway IDs for private subnets (#51)
---
 README.md | 2 +-
 docs/terraform.md | 2 +-
 examples/complete/fixtures.disabled.tfvars | 1 -
 examples/complete/fixtures.enabled.tfvars | 1 -
 examples/complete/main.tf | 24 ++++++++++++++++------
 private.tf | 4 ++--
 test/src/examples_complete_test.go | 6 +++++-
 variables.tf | 6 +++++-
 8 files changed, 32 insertions(+), 14 deletions(-)
 delete mode 100644 examples/complete/fixtures.disabled.tfvars
 delete mode 100644 examples/complete/fixtures.enabled.tfvars
diff --git a/README.md b/README.md
index ffa9a59..5be5434 100644
--- a/README.md
+++ b/README.md
@@ -308,7 +308,7 @@ Available targets:
 | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | [availability\_zones](#input\_availability\_zones) | List of Availability Zones (e.g. `['us-east-1a', 'us-east-1b', 'us-east-1c']`) | `list(string)` | n/a | yes |
-| [az\_ngw\_ids](#input\_az\_ngw\_ids) | Only for private subnets. Map of AZ names to NAT Gateway IDs that are used as default routes when creating private subnets | `map(string)` | `{}` | no |
+| [az\_ngw\_ids](#input\_az\_ngw\_ids) | Only for private subnets. Map of AZ names to NAT Gateway IDs that are used as default routes when creating private subnets.
You should either supply one NAT Gateway ID for each AZ in `var.availability_zones` or leave the map empty.
If empty, no default egress route will be created and you will have to create your own using `aws_route`. | `map(string)` | `{}` | no |
 | [cidr\_block](#input\_cidr\_block) | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
 | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
 | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 14592b5..7e4af99 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -46,7 +46,7 @@
 | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
 | [availability\_zones](#input\_availability\_zones) | List of Availability Zones (e.g. `['us-east-1a', 'us-east-1b', 'us-east-1c']`) | `list(string)` | n/a | yes |
-| [az\_ngw\_ids](#input\_az\_ngw\_ids) | Only for private subnets. Map of AZ names to NAT Gateway IDs that are used as default routes when creating private subnets | `map(string)` | `{}` | no |
+| [az\_ngw\_ids](#input\_az\_ngw\_ids) | Only for private subnets. Map of AZ names to NAT Gateway IDs that are used as default routes when creating private subnets.
You should either supply one NAT Gateway ID for each AZ in `var.availability_zones` or leave the map empty.
If empty, no default egress route will be created and you will have to create your own using `aws_route`. | `map(string)` | `{}` | no |
 | [cidr\_block](#input\_cidr\_block) | Base CIDR block which is divided into subnet CIDR blocks (e.g. `10.0.0.0/16`) | `string` | n/a | yes |
 | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
 | [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
diff --git a/examples/complete/fixtures.disabled.tfvars b/examples/complete/fixtures.disabled.tfvars
deleted file mode 100644
index 8ea7991..0000000
--- a/examples/complete/fixtures.disabled.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-enabled = false
\ No newline at end of file
diff --git a/examples/complete/fixtures.enabled.tfvars b/examples/complete/fixtures.enabled.tfvars
deleted file mode 100644
index 3477e9e..0000000
--- a/examples/complete/fixtures.enabled.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-enabled = true
\ No newline at end of file
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index f04ce36..26205be 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -3,9 +3,10 @@ provider "aws" {
 }
 locals {
- public_cidr_block = cidrsubnet(var.cidr_block, 2, 0)
- public_only_cidr_block = cidrsubnet(var.cidr_block, 2, 1)
- private_cidr_block = cidrsubnet(var.cidr_block, 2, 2)
+ public_cidr_block = cidrsubnet(var.cidr_block, 2, 0)
+ public_only_cidr_block = cidrsubnet(var.cidr_block, 2, 1)
+ private_cidr_block = cidrsubnet(var.cidr_block, 2, 2)
+ private_only_cidr_block = cidrsubnet(var.cidr_block, 2, 3)
 }
 module "vpc" {
@@ -20,7 +21,6 @@ module "vpc" {
 module "public_subnets" {
 source = "../../"
- enabled = var.enabled
 availability_zones = var.availability_zones
 vpc_id = module.vpc.vpc_id
 cidr_block = local.public_cidr_block
@@ -34,7 +34,6 @@ module "public_subnets" {
 module "public_only_subnets" {
 source = "../../"
- enabled = var.enabled
 availability_zones = var.availability_zones
 vpc_id = module.vpc.vpc_id
 cidr_block = local.public_only_cidr_block
@@ -48,7 +47,6 @@ module "public_only_subnets" {
 module "private_subnets" {
 source = "../../"
- enabled = var.enabled
 availability_zones = var.availability_zones
 vpc_id = module.vpc.vpc_id
 cidr_block = local.private_cidr_block
@@ -60,3 +58,17 @@ module "private_subnets" {
 context = module.this.context
 }
+module "private_only_subnets" {
+ source = "../../"
+
+ availability_zones = var.availability_zones
+ vpc_id = module.vpc.vpc_id
+ cidr_block = local.private_only_cidr_block
+ type = "private"
+
+ # No NAT gateways supplied, should create subnets with empty route tables
+ # az_ngw_ids = module.public_subnets.az_ngw_ids
+
+ context = module.this.context
+}
+
diff --git a/private.tf b/private.tf
index a7dd91a..0cc4b33 100644
--- a/private.tf
+++ b/private.tf
@@ -90,10 +90,10 @@ resource "aws_route_table_association" "private" {
 }
 resource "aws_route" "default" {
- for_each = local.private_azs
+ for_each = var.az_ngw_ids
 route_table_id = aws_route_table.private[each.key].id
- nat_gateway_id = var.az_ngw_ids[each.key]
+ nat_gateway_id = each.value
 destination_cidr_block = "0.0.0.0/0"
 depends_on = [aws_route_table.private]
 }
diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
index e54496d..35a815e 100644
--- a/test/src/examples_complete_test.go
+++ b/test/src/examples_complete_test.go
@@ -121,7 +121,11 @@ func TestExamplesCompleteDisabledModule(t *testing.T) {
 TerraformDir: "../../examples/complete",
 Upgrade: true,
 // Variables to pass to our Terraform code using -var-file options
- VarFiles: []string{"fixtures.us-east-2.tfvars", "fixtures.disabled.tfvars"},
+ VarFiles: []string{"fixtures.us-east-2.tfvars"},
+ Vars: map[string]interface{}{
+ "enabled": "false",
+ },
+
 }
 // At the end of the test, run `terraform destroy` to clean up any resources that were created
diff --git a/variables.tf b/variables.tf
index 1cb1074..261bd2e 100644
--- a/variables.tf
+++ b/variables.tf
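Review bot: The comment on the new `private_only_subnets` module, `# No NAT gateways supplied, should create subnets with empty route tables`, overstates the effect: leaving `az_ngw_ids` unset only skips the `aws_route.default` 0.0.0.0/0 entry, while `aws_route_table.private` is still created per AZ and carries the VPC-local route AWS adds to every table. Suggest `# No NAT gateways supplied: route tables are still created per AZ but get no 0.0.0.0/0 egress route`, and drop the commented-out `az_ngw_ids` line rather than leaving dead configuration in the example. Removing `enabled = var.enabled` from the three existing module calls in the earlier hunks of this file presumably relies on `module.this.context` carrying `enabled`, which is worth confirming against the example's context module version.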
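Review bot: `for_each = var.az_ngw_ids` drops the indirection through `local.private_azs`, so whatever gating that local applied — most likely the module's `enabled` flag, though its definition is outside this hunk — no longer reaches `aws_route.default`. With the module disabled and a caller still passing a non-empty `az_ngw_ids`, `aws_route_table.private[each.key]` would index an instance that was never created and the plan fails instead of producing nothing. If the module has the usual `local.enabled`, `for_each = local.enabled ? var.az_ngw_ids : {}` keeps the new behaviour while restoring the gate.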
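Review bot: `"enabled": "false"` passes the boolean as a string; as far as I recall Terratest emits top-level primitives unquoted so Terraform still coerces it, but a typed `"enabled": false,` is clearer and would not break if the value were ever nested in a map or list, where strings are quoted. The added blank line between the `Vars` entry and the closing brace of the options struct is a stray that gofmt preserves, so remove it. TestExamplesCompleteDisabledModule starts before this hunk, and the sibling enabled-module test is not shown, so it is worth confirming it did not also reference the now-deleted `fixtures.enabled.tfvars`.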
@@ -32,7 +32,11 @@ variable "igw_id" {
 variable "az_ngw_ids" {
 type = map(string)
- description = "Only for private subnets. Map of AZ names to NAT Gateway IDs that are used as default routes when creating private subnets"
+ description = <<-EOT
+ Only for private subnets. Map of AZ names to NAT Gateway IDs that are used as default routes when creating private subnets.
+ You should either supply one NAT Gateway ID for each AZ in `var.availability_zones` or leave the map empty.
+ If empty, no default egress route will be created and you will have to create your own using `aws_route`.
+ EOT
 default = {}
 }
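Review bot: The new description should also state the key constraint the implementation now relies on: `aws_route.default` iterates `var.az_ngw_ids` directly and indexes `aws_route_table.private[each.key]`, so a key that is not one of `var.availability_zones` fails at plan time with an index error rather than a readable message. Suggest adding a line to the heredoc, `Every key must be an AZ name that appears in var.availability_zones.`. A `validation` block on this variable cannot reference another variable, so documenting it here (or a resource `precondition`, if the module's minimum Terraform version allows one) is the available option.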