Merge branch 'main' of https://github.com/terraform-ibm-modules/terra…

…form-ibm-landing-zone into alt-approach
terraform-ibm-modules · Sep 8, 2023 · 35134ca · 35134ca
2 parents 69126e7 + 459d6c8
commit 35134ca
Show file tree

Hide file tree

Showing 29 changed files with 108 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -981,6 +981,7 @@ statement instead the previous block.
 | <a name="input_teleport_config_data"></a> [teleport\_config\_data](#input\_teleport\_config\_data) | Teleport config data. This is used to create a single template for all teleport instances to use. Creating a single template allows for values to remain sensitive | <pre>object({<br>    teleport_license   = optional(string)<br>    https_cert         = optional(string)<br>    https_key          = optional(string)<br>    domain             = optional(string)<br>    cos_bucket_name    = optional(string)<br>    cos_key_name       = optional(string)<br>    teleport_version   = optional(string)<br>    message_of_the_day = optional(string)<br>    hostname           = optional(string)<br>    app_id_key_name    = optional(string)<br>    claims_to_roles = optional(<br>      list(<br>        object({<br>          email = string<br>          roles = list(string)<br>        })<br>      )<br>    )<br>  })</pre> | `null` | no |
 | <a name="input_teleport_vsi"></a> [teleport\_vsi](#input\_teleport\_vsi) | A list of teleport vsi deployments | <pre>list(<br>    object(<br>      {<br>        name                            = string<br>        vpc_name                        = string<br>        resource_group                  = optional(string)<br>        subnet_name                     = string<br>        ssh_keys                        = list(string)<br>        boot_volume_encryption_key_name = string<br>        image_name                      = string<br>        machine_type                    = string<br>        access_tags                     = optional(list(string), [])<br>        security_groups                 = optional(list(string))<br>        security_group = optional(<br>          object({<br>            name = string<br>            rules = list(<br>              object({<br>                name      = string<br>                direction = string<br>                source    = string<br>                tcp = optional(<br>                  object({<br>                    port_max = number<br>                    port_min = number<br>                  })<br>                )<br>                udp = optional(<br>                  object({<br>                    port_max = number<br>                    port_min = number<br>                  })<br>                )<br>                icmp = optional(<br>                  object({<br>                    type = number<br>                    code = number<br>                  })<br>                )<br>              })<br>            )<br>          })<br>        )<br><br><br>      }<br>    )<br>  )</pre> | `[]` | no |
 | <a name="input_transit_gateway_connections"></a> [transit\_gateway\_connections](#input\_transit\_gateway\_connections) | Transit gateway vpc connections. Will only be used if transit gateway is enabled. | `list(string)` | n/a | yes |
+| <a name="input_transit_gateway_global"></a> [transit\_gateway\_global](#input\_transit\_gateway\_global) | Connect to the networks outside the associated region. Will only be used if transit gateway is enabled. | `bool` | `false` | no |
 | <a name="input_transit_gateway_resource_group"></a> [transit\_gateway\_resource\_group](#input\_transit\_gateway\_resource\_group) | Name of resource group to use for transit gateway. Must be included in `var.resource_group` | `string` | n/a | yes |
 | <a name="input_virtual_private_endpoints"></a> [virtual\_private\_endpoints](#input\_virtual\_private\_endpoints) | Object describing VPE to be created | <pre>list(<br>    object({<br>      service_name   = string<br>      service_type   = string<br>      resource_group = optional(string)<br>      access_tags    = optional(list(string), [])<br>      vpcs = list(<br>        object({<br>          name                = string<br>          subnets             = list(string)<br>          security_group_name = optional(string)<br>        })<br>      )<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_vpc_placement_groups"></a> [vpc\_placement\_groups](#input\_vpc\_placement\_groups) | List of VPC placement groups to create | <pre>list(<br>    object({<br>      access_tags    = optional(list(string), [])<br>      name           = string<br>      resource_group = optional(string)<br>      strategy       = string<br>    })<br>  )</pre> | `[]` | no |

diff --git a/examples/one-vpc-one-vsi/override.json b/examples/one-vpc-one-vsi/override.json
@@ -1,5 +1,6 @@
 {
     "enable_transit_gateway": false,
+    "transit_gateway_global": false,
     "virtual_private_endpoints": [],
     "service_endpoints": "private",
     "security_groups": [],

diff --git a/examples/override-example/override.json b/examples/override-example/override.json
@@ -11,6 +11,7 @@
     },
     "clusters": [],
     "enable_transit_gateway": true,
+    "transit_gateway_global": false,
     "transit_gateway_connections": [
       "management",
       "workload",

diff --git a/module-metadata.json b/module-metadata.json
@@ -11,7 +11,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1144
+        "line": 1150
       }
     },
     "add_kms_block_storage_s2s": {
@@ -25,7 +25,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1509
+        "line": 1515
       }
     },
     "appid": {
@@ -42,7 +42,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 900
+        "line": 906
       }
     },
     "atracker": {
@@ -56,7 +56,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 779
+        "line": 785
       }
     },
     "clusters": {
@@ -69,7 +69,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 795
+        "line": 801
       }
     },
     "cos": {
@@ -82,7 +82,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 481
+        "line": 487
       }
     },
     "enable_transit_gateway": {
@@ -112,7 +112,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1413
+        "line": 1419
       }
     },
     "f5_vsi": {
@@ -125,7 +125,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1276
+        "line": 1282
       }
     },
     "iam_account_settings": {
@@ -149,7 +149,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1038
+        "line": 1044
       }
     },
     "ibmcloud_api_key": {
@@ -177,7 +177,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 706
+        "line": 712
       }
     },
     "network_cidr": {
@@ -309,7 +309,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1459
+        "line": 1465
       }
     },
     "security_groups": {
@@ -322,7 +322,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 383
+        "line": 389
       }
     },
     "service_endpoints": {
@@ -332,7 +332,7 @@
       "default": "private",
       "pos": {
         "filename": "variables.tf",
-        "line": 695
+        "line": 701
       }
     },
     "ssh_keys": {
@@ -345,7 +345,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 237
+        "line": 243
       }
     },
     "tags": {
@@ -409,7 +409,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 944
+        "line": 950
       }
     },
     "teleport_vsi": {
@@ -422,7 +422,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 970
+        "line": 976
       }
     },
     "transit_gateway_connections": {
@@ -432,7 +432,20 @@
       "required": true,
       "pos": {
         "filename": "variables.tf",
-        "line": 226
+        "line": 232
+      }
+    },
+    "transit_gateway_global": {
+      "name": "transit_gateway_global",
+      "type": "bool",
+      "description": "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled.",
+      "default": false,
+      "source": [
+        "ibm_tg_gateway.transit_gateway.global"
+      ],
+      "pos": {
+        "filename": "variables.tf",
+        "line": 221
       }
     },
     "transit_gateway_resource_group": {
@@ -442,7 +455,7 @@
       "required": true,
       "pos": {
         "filename": "variables.tf",
-        "line": 221
+        "line": 227
       }
     },
     "virtual_private_endpoints": {
@@ -455,7 +468,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 455
+        "line": 461
       }
     },
     "vpc_placement_groups": {
@@ -468,7 +481,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 1477
+        "line": 1483
       }
     },
     "vpcs": {
@@ -507,7 +520,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 270
+        "line": 276
       }
     },
     "wait_till": {
@@ -520,7 +533,7 @@
       ],
       "pos": {
         "filename": "variables.tf",
-        "line": 879
+        "line": 885
       }
     }
   },
@@ -1307,6 +1320,7 @@
       "name": "transit_gateway",
       "attributes": {
         "count": "enable_transit_gateway",
+        "global": "transit_gateway_global",
         "location": "region",
         "name": "prefix"
       },

diff --git a/patterns/mixed/config.tf b/patterns/mixed/config.tf
@@ -177,6 +177,7 @@ locals {
     resource_groups                = module.dynamic_values.resource_groups
     vpcs                           = module.dynamic_values.vpcs
     enable_transit_gateway         = var.enable_transit_gateway
+    transit_gateway_global         = var.transit_gateway_global
     transit_gateway_resource_group = "${var.prefix}-service-rg"
     transit_gateway_connections    = module.dynamic_values.vpc_list
     object_storage                 = module.dynamic_values.object_storage
@@ -287,6 +288,7 @@ locals {
     vpcs                           = lookup(local.override[local.override_type], "vpcs", local.config.vpcs)
     vpn_gateways                   = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways)
     enable_transit_gateway         = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway)
+    transit_gateway_global         = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global)
     transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group)
     transit_gateway_connections    = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections)
     ssh_keys                       = lookup(local.override[local.override_type], "ssh_keys", local.ssh_keys)

diff --git a/patterns/mixed/main.tf b/patterns/mixed/main.tf
@@ -25,6 +25,7 @@ module "landing_zone" {
   vpcs                           = local.env.vpcs
   vpn_gateways                   = local.env.vpn_gateways
   enable_transit_gateway         = local.env.enable_transit_gateway
+  transit_gateway_global         = local.env.transit_gateway_global
   transit_gateway_resource_group = local.env.transit_gateway_resource_group
   transit_gateway_connections    = local.env.transit_gateway_connections
   ssh_keys                       = local.env.ssh_keys

diff --git a/patterns/mixed/override.json b/patterns/mixed/override.json
@@ -90,6 +90,7 @@
         }
     ],
     "enable_transit_gateway": true,
+    "transit_gateway_global": false,
     "key_management": {
         "keys": [
             {

diff --git a/patterns/mixed/variables.tf b/patterns/mixed/variables.tf
@@ -78,6 +78,12 @@ variable "enable_transit_gateway" {
   default     = true
 }
 
+variable "transit_gateway_global" {
+  description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled."
+  type        = bool
+  default     = false
+}
+
 variable "add_atracker_route" {
   description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route"
   type        = bool

diff --git a/patterns/roks/main.tf b/patterns/roks/main.tf
@@ -29,6 +29,7 @@ module "roks_landing_zone" {
   network_cidr                        = var.network_cidr
   vpcs                                = var.vpcs
   enable_transit_gateway              = var.enable_transit_gateway
+  transit_gateway_global              = var.transit_gateway_global
   ssh_public_key                      = var.ssh_public_key
   update_all_workers                  = var.update_all_workers
   existing_ssh_key_name               = var.existing_ssh_key_name

diff --git a/patterns/roks/module/config.tf b/patterns/roks/module/config.tf
@@ -156,6 +156,7 @@ locals {
     resource_groups                = module.dynamic_values.resource_groups
     vpcs                           = module.dynamic_values.vpcs
     enable_transit_gateway         = var.enable_transit_gateway
+    transit_gateway_global         = var.transit_gateway_global
     transit_gateway_resource_group = "${var.prefix}-service-rg"
     transit_gateway_connections    = module.dynamic_values.vpc_list
     object_storage                 = module.dynamic_values.object_storage
@@ -267,6 +268,7 @@ locals {
     vpcs                           = lookup(local.override[local.override_type], "vpcs", local.config.vpcs)
     vpn_gateways                   = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways)
     enable_transit_gateway         = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway)
+    transit_gateway_global         = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global)
     transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group)
     transit_gateway_connections    = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections)
     ssh_keys                       = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys)

diff --git a/patterns/roks/module/main.tf b/patterns/roks/module/main.tf
@@ -12,6 +12,7 @@ module "landing_zone" {
   vpcs                           = local.env.vpcs
   vpn_gateways                   = local.env.vpn_gateways
   enable_transit_gateway         = local.env.enable_transit_gateway
+  transit_gateway_global         = local.env.transit_gateway_global
   transit_gateway_resource_group = local.env.transit_gateway_resource_group
   transit_gateway_connections    = local.env.transit_gateway_connections
   ssh_keys                       = local.env.ssh_keys

diff --git a/patterns/roks/module/variables.tf b/patterns/roks/module/variables.tf
@@ -62,6 +62,12 @@ variable "enable_transit_gateway" {
   default     = true
 }
 
+variable "transit_gateway_global" {
+  description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled."
+  type        = bool
+  default     = false
+}
+
 variable "add_atracker_route" {
   description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route"
   type        = bool

diff --git a/patterns/roks/override.json b/patterns/roks/override.json
@@ -125,6 +125,7 @@
       }
   ],
   "enable_transit_gateway": true,
+  "transit_gateway_global": false,
   "key_management": {
       "keys": [
           {

diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf
@@ -62,6 +62,12 @@ variable "enable_transit_gateway" {
   default     = true
 }
 
+variable "transit_gateway_global" {
+  description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled."
+  type        = bool
+  default     = false
+}
+
 variable "add_atracker_route" {
   description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route"
   type        = bool

diff --git a/patterns/vpc/main.tf b/patterns/vpc/main.tf
@@ -26,6 +26,7 @@ module "vpc_landing_zone" {
   network_cidr                        = var.network_cidr
   vpcs                                = var.vpcs
   enable_transit_gateway              = var.enable_transit_gateway
+  transit_gateway_global              = var.transit_gateway_global
   add_kms_block_storage_s2s           = var.add_kms_block_storage_s2s
   ibmcloud_api_key                    = var.ibmcloud_api_key
   add_atracker_route                  = var.add_atracker_route

diff --git a/patterns/vpc/module/config.tf b/patterns/vpc/module/config.tf
@@ -106,6 +106,7 @@ locals {
     resource_groups                = module.dynamic_values.resource_groups
     vpcs                           = module.dynamic_values.vpcs
     enable_transit_gateway         = var.enable_transit_gateway
+    transit_gateway_global         = var.transit_gateway_global
     transit_gateway_resource_group = "${var.prefix}-service-rg"
     transit_gateway_connections    = module.dynamic_values.vpc_list
     object_storage                 = module.dynamic_values.object_storage
@@ -217,6 +218,7 @@ locals {
     vpcs                           = lookup(local.override[local.override_type], "vpcs", local.config.vpcs)
     vpn_gateways                   = lookup(local.override[local.override_type], "vpn_gateways", local.config.vpn_gateways)
     enable_transit_gateway         = lookup(local.override[local.override_type], "enable_transit_gateway", local.config.enable_transit_gateway)
+    transit_gateway_global         = lookup(local.override[local.override_type], "transit_gateway_global", local.config.transit_gateway_global)
     transit_gateway_resource_group = lookup(local.override[local.override_type], "transit_gateway_resource_group", local.config.transit_gateway_resource_group)
     transit_gateway_connections    = lookup(local.override[local.override_type], "transit_gateway_connections", local.config.transit_gateway_connections)
     ssh_keys                       = lookup(local.override[local.override_type], "ssh_keys", local.config.ssh_keys)

diff --git a/patterns/vpc/module/main.tf b/patterns/vpc/module/main.tf
@@ -12,6 +12,7 @@ module "landing_zone" {
   vpcs                           = local.env.vpcs
   vpn_gateways                   = local.env.vpn_gateways
   enable_transit_gateway         = local.env.enable_transit_gateway
+  transit_gateway_global         = local.env.transit_gateway_global
   transit_gateway_resource_group = local.env.transit_gateway_resource_group
   transit_gateway_connections    = local.env.transit_gateway_connections
   ssh_keys                       = local.env.ssh_keys

diff --git a/patterns/vpc/module/variables.tf b/patterns/vpc/module/variables.tf
@@ -62,6 +62,12 @@ variable "enable_transit_gateway" {
   default     = true
 }
 
+variable "transit_gateway_global" {
+  description = "Connect to the networks outside the associated region. Will only be used if transit gateway is enabled."
+  type        = bool
+  default     = false
+}
+
 variable "add_atracker_route" {
   description = "Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route"
   type        = bool