fix: cidr split with multiple azs (#193)

.github/workflows/daily-cleanup.yml

@@ -89,7 +89,7 @@ jobs:
             - name: Notify in Slack in case of failure
               id: slack-notification
               if: failure() && github.event_name == 'schedule' && steps.retry-delete-orphaned-resources.outcome == 'failure'
-              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
               with:
                   vault_addr: ${{ secrets.VAULT_ADDR }}
                   vault_role_id: ${{ secrets.VAULT_ROLE_ID }}

.github/workflows/labeler.yml

@@ -20,7 +20,7 @@ jobs:
             - name: Notify in Slack in case of failure
               id: slack-notification
               if: failure() && github.event_name == 'schedule'
-              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
               with:
                   vault_addr: ${{ secrets.VAULT_ADDR }}
                   vault_role_id: ${{ secrets.VAULT_ROLE_ID }}

.github/workflows/links.yml

@@ -46,7 +46,7 @@ jobs:
             - name: Notify in Slack in case of failure
               id: slack-notification
               if: failure() && github.event_name == 'schedule'
-              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
               with:
                   vault_addr: ${{ secrets.VAULT_ADDR }}
                   vault_role_id: ${{ secrets.VAULT_ROLE_ID }}

.github/workflows/lint.yml

@@ -9,5 +9,5 @@ on:
 
 jobs:
     lint:
-        uses: camunda/infraex-common-config/.github/workflows/lint-global.yml@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+        uses: camunda/infraex-common-config/.github/workflows/lint-global.yml@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
         secrets: inherit

.github/workflows/renovate-automerge.yml

@@ -11,5 +11,5 @@ concurrency:
 
 jobs:
     renovate-automerge:
-        uses: camunda/infraex-common-config/.github/workflows/automerge-global.yml@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+        uses: camunda/infraex-common-config/.github/workflows/automerge-global.yml@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
         secrets: inherit

.github/workflows/test-gha-eks.yml

@@ -231,7 +231,7 @@ jobs:
             - name: Notify in Slack in case of failure
               id: slack-notification
               if: failure() && github.event_name == 'schedule'
-              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
               with:
                   vault_addr: ${{ secrets.VAULT_ADDR }}
                   vault_role_id: ${{ secrets.VAULT_ROLE_ID }}

.github/workflows/tests.yml

@@ -248,7 +248,7 @@ jobs:
             - name: Notify in Slack in case of failure
               id: slack-notification
               if: github.event_name == 'schedule'
-              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@033b3a26fc64d789daff444f77e0b689266c22ee # 1.2.6
+              uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@d809dbc4cd95c04cb3a00fc043aa31ef6b590515 # 1.2.7
               with:
                   vault_addr: ${{ secrets.VAULT_ADDR }}
                   vault_role_id: ${{ secrets.VAULT_ROLE_ID }}

.pre-commit-config.yaml

@@ -3,7 +3,7 @@
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
     - repo: https://github.com/camunda/infraex-common-config
-      rev: 1.2.6 # use tags until renovate supports sha: https://github.com/renovatebot/renovate/issues/22567
+      rev: 1.2.7 # use tags until renovate supports sha: https://github.com/renovatebot/renovate/issues/22567
       hooks:
           - id: update-action-readmes-docker
 

modules/eks-cluster/vpc.tf

@@ -10,11 +10,11 @@ locals {
 
   # Private subnets for nodes
   private_subnets = [
-    for index in range(length(local.azs)) : cidrsubnet(var.cluster_node_ipv4_cidr, 3, index)
+    for index in range(length(local.azs)) : cidrsubnet(var.cluster_node_ipv4_cidr, length(local.azs), index)
   ]
 
   public_subnets = [
-    for index in range(length(local.azs)) : cidrsubnet(var.cluster_node_ipv4_cidr, 3, index + length(local.azs))
+    for index in range(length(local.azs)) : cidrsubnet(var.cluster_node_ipv4_cidr, length(local.azs), index + length(local.azs))
   ]
 }
 

test/src/custom_eks_opensearch_test.go

@@ -131,6 +131,14 @@ func (suite *CustomEKSOpenSearchTestSuite) TestCustomEKSAndOpenSearch() {
 	expectedVpcAZs := fmt.Sprintf("[%sa %sb]", suite.varTf["region"], suite.varTf["region"]) // must match availability_zones_count
 	suite.Assert().Equal(expectedVpcAZs, terraform.Output(suite.T(), terraformOptions, "vpc_azs"))
 
+	// this is a split(4)[0..1] of the base cluster_node_ipv4_cidr    = "10.192.0.0/16"
+	expectedPrivateVpcCidrBlocks := "[10.192.0.0/18 10.192.64.0/18]"
+	suite.Assert().Equal(expectedPrivateVpcCidrBlocks, terraform.Output(suite.T(), terraformOptions, "private_vpc_cidr_blocks"))
+
+	// this is a split(4)[2..1] of the base cluster_node_ipv4_cidr    = "10.192.0.0/16"
+	expectedPublicVpcCidrBlocks := "[10.192.128.0/18 10.192.192.0/18]"
+	suite.Assert().Equal(expectedPublicVpcCidrBlocks, terraform.Output(suite.T(), terraformOptions, "public_vpc_cidr_blocks"))
+
 	sess, err := utils.GetAwsClient()
 	suite.Require().NoErrorf(err, "Failed to get aws client")