diff --git a/.gitignore b/.gitignore index 44732c6..ee2aa19 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ provider.tf # macOS related files **/.DS_Store +.terraform.lock.hcl diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc index ba2e66c..3c7fa1b 100644 --- a/CHANGELOG.adoc +++ b/CHANGELOG.adoc @@ -14,6 +14,11 @@ Given a version number MAJOR.MINOR.PATCH: - MINOR version when adding functionality in a backwards compatible manner, - PATCH version when making backwards compatible bug fixes. +== v3.2.0 (unreleased) + +=== New features +* Added Remote Peering Connection capability in DRG module (feat #71) + == v3.1.0 (October 06, 2021) === New features diff --git a/README.adoc b/README.adoc index 0ac66b1..60948dd 100644 --- a/README.adoc +++ b/README.adoc @@ -41,6 +41,7 @@ It creates the following resources: * An optional NAT gateway and a route table * An optional service gateway * An optional dynamic routing gateway +* An optional remote peering connection * One or more optional Local Peering Gateways in requestor or acceptor mode, and possibilities to associate a Route Table It also controls the Default Security List, with a *Lockdown mode* that can be enabled or disabled diff --git a/README.md b/README.md index 7752730..00513fa 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ It creates the following resources: * An optional NAT gateway * An optional service gateway * An optional dynamic routing gateway +* An optional remote peering connection * One or more optional Local Peering Gateways in requestor or acceptor mode, and possibilities to associate a Route Table It also controls the Default Security List, with a *Lockdown mode* that can be enabled or disabled. diff --git a/docs/images/network_remote_peering_basic.png b/docs/images/network_remote_peering_basic.png new file mode 100644 index 0000000..642fbd2 Binary files /dev/null and b/docs/images/network_remote_peering_basic.png differ 
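Review bot: Ignoring `.terraform.lock.hcl` for the whole repository also drops the lock file for the `examples/` root configurations, which this same commit constrains only with the open-ended `version = ">=4.41.0"`. Without a committed lock file, neither the selected provider version nor its recorded checksums are reproducible for someone running an example. If the intent is only to keep lock files out of the reusable module itself, a comment above the entry would make that explicit, e.g. `# lock files are not tracked here; pin providers in the consuming root configuration`.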
diff --git a/examples/drg/main.tf b/examples/drg/main.tf index 7ef792b..3cc950f 100644 --- a/examples/drg/main.tf +++ b/examples/drg/main.tf @@ -56,16 +56,3 @@ module "vcn_spokes" { vcn_name = each.key # string } -# resource "oci_core_remote_peering_connection" "test_rpc" { -# * boilerplate to start RPC support development -# #Required -# compartment_id = var.compartment_id -# drg_id = module.drg_hub.drg_id - -# #Optional -# # defined_tags = {"Operations.CostCenter"= "42"} -# display_name = "test_rpc" -# # freeform_tags = {"Department"= "Finance"} -# # peer_id = oci_core_remote_peering_connection.test_remote_peering_connection2.id -# # peer_region_name = var.remote_peering_connection_peer_region_name -# } diff --git a/examples/rpc/rpc_from_drg_module/README.md b/examples/rpc/rpc_from_drg_module/README.md new file mode 100644 index 0000000..586844a --- /dev/null +++ b/examples/rpc/rpc_from_drg_module/README.md 
@@ -0,0 +1,79 @@
+# Creating a remote VCN peering using RPCs with drg module
+
+[Terraform Variable Definition file]:https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files
+[Input Variables]:https://www.terraform.io/docs/language/values/variables.html
+[Local Values]:https://www.terraform.io/docs/language/values/locals.html
+[Named Values]:https://www.terraform.io/docs/language/expressions/references.html
+[docs/prerequisites]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc
+[docs/terraformoptions]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc
+[docs/routing_rules]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/routing_rules.adoc
+[Provisioning Infrastructure with Terraform]:https://www.terraform.io/docs/cli/run/index.html
+
+This example illustrates how to use terraform-oci-vcn and drg submodule to create a remote VCN peering between VCNs created in different regions, through a DRG.
+
+In the local region will be created:
+- a VCN, with a private subnet for each given CIDR block, and a NAT gateway
+- a DRG attached to the VCN
+- the route rules to allow traffic through the Peering
+
+In the remote region will be created:
+- a VCN with, a public subnet for each given CIDR block, and an Internet Gateway
+- a DRG attached to the VCN
+- the route rules to allow traffic through the Peering
+
+This diagram illustrates what will be created by this example.
+
+![diagram](../../..//docs/images/network_remote_peering_basic.png))
+
+## Prerequisites
+
+You will need to collect the following information before you start:
+
+1. your OCI provider authentication values
+2. a compartment OCID in which the present configuration will be created
+
+For detailed instructions, see [docs/prerequisites]
+
+## Using this example with Terraform CLI
+
+### Creating Providers
+
+You need to create 2 providers:
+* 1 provider for the acceptor region where all the acceptor resources will be created (alias: acceptor)
+* 1 provider for the requestor region where all the requestor resources will be created (alias: requestor)
+
+```
+provider "oci" {
+ fingerprint = var.api_fingerprint
+ private_key_path = var.api_private_key_path
+ region = var.region_acceptor
+ tenancy_ocid = var.tenancy_id
+ user_ocid = var.user_id
+ alias = "acceptor"
+}
+
+provider "oci" {
+ fingerprint = var.api_fingerprint
+ private_key_path = var.api_private_key_path
+ region = var.region_requestor
+ tenancy_ocid = var.tenancy_id
+ user_ocid = var.user_id
+ alias = "requestor"
+}
+```
+
+### Creating Terraform variables definition file
+
+Prepare one [Terraform Variable Definition file] named terraform.tfvars with the required authentication information.
+
+*TIP: You can rename and configure [terraform.tfvars.example](terraform.tfvars.example) from this example's folder.*
+
+Then apply the example using the following commands:
+
+```shell
+> terraform init
+> terraform plan
+> terraform apply
+```
+
+See [Provisioning Infrastructure with Terraform] for more details about Terraform CLI and the available subcommands.
diff --git a/examples/rpc/rpc_from_drg_module/main.tf b/examples/rpc/rpc_from_drg_module/main.tf
new file mode 100644
index 0000000..8727312
--- /dev/null
+++ b/examples/rpc/rpc_from_drg_module/main.tf
@@ -0,0 +1,175 @@
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+# Version requirements
+
+terraform {
+ required_providers {
+ oci = {
+ source = "hashicorp/oci"
+ version = ">=4.41.0"
+ }
+ }
+ required_version = ">= 1.0.0"
+}
+
+# Resources
+
+module "vcn_acceptor" {
+ # this module use the generic vcn module and configure it to act as vcn for RPC acceptor
+ source = "oracle-terraform-modules/vcn/oci"
+ version = "3.2.0"
+
+ # general oci parameters
+ compartment_id = var.compartment_id
+ label_prefix = var.label_prefix
+ freeform_tags = var.freeform_tags
+
+ # vcn parameters
+ create_drg = false #! deprecated inner drg, use drg-module instead
+ create_internet_gateway = false
+ lockdown_default_seclist = false
+ create_nat_gateway = true
+ create_service_gateway = false
+ vcn_cidrs = var.vcn_cidrs_acceptor
+ vcn_dns_label = "vcnacceptor"
+ vcn_name = "vcn-rpc-acceptor"
+
+ nat_gateway_route_rules = [for cidr in var.vcn_cidrs_requestor :
+ {
+ destination = cidr # set requestor vcn cidr as destination cidr
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = module.drg_acceptor.drg_id
+ description = "Terraformed - User added Routing Rule to requestor VCN through DRG"
+ }
+ ]
+
+ providers = {
+ oci = oci.acceptor
+ }
+
+}
+
+
+resource "oci_core_subnet" "subnet_acceptor" {
+ provider = oci.acceptor
+ count = length(var.vcn_cidrs_acceptor)
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = module.vcn_acceptor.vcn_id
+ #in this example each subnet will use the entire vcn address space
+ cidr_block = var.vcn_cidrs_acceptor[count.index]
+
+ #Optional
+ display_name = "sub-rpc-acceptor-${count.index}"
+ dns_label = "subacceptor${count.index}"
+ prohibit_public_ip_on_vnic = true
+ route_table_id = module.vcn_acceptor.nat_route_id
+ freeform_tags = var.freeform_tags
+}
+
+
+module "drg_acceptor" {
+ source = "oracle-terraform-modules/vcn/oci//modules/drg"
+ version = "3.2.0"
+
+ compartment_id = var.compartment_id
+ label_prefix = var.label_prefix
+
+ # drg parameters
+ drg_vcn_attachments = {
+ "vcn_acceptor" = {
+ vcn_id = module.vcn_acceptor.vcn_id
+ vcn_transit_routing_rt_id = null
+ drg_route_table_id = null
+ }
+ }
+ drg_display_name = "drg-rpc-acceptor"
+
+ # rpc parameters
+ create_rpc = true
+
+ providers = {
+ oci = oci.acceptor
+ }
+}
+
+
+module "vcn_requestor" {
+ # this module use the generic vcn module and configure it to act as rpc requestor vcn
+ source = "oracle-terraform-modules/vcn/oci"
+ version = "3.2.0"
+
+ # general oci parameters
+ compartment_id = var.compartment_id
+ label_prefix = var.label_prefix
+ freeform_tags = var.freeform_tags
+
+ # vcn parameters
+ create_drg = false #! deprecated inner drg, use drg-module instead
+ create_internet_gateway = true
+ lockdown_default_seclist = false
+ create_nat_gateway = false
+ create_service_gateway = false
+ vcn_cidrs = var.vcn_cidrs_requestor
+ vcn_dns_label = "vcnrequestor"
+ vcn_name = "vcn-rpc-requestor"
+
+ internet_gateway_route_rules = [for cidr in var.vcn_cidrs_acceptor :
+ {
+ destination = cidr # set acceptor vcn cidr as destination cidr
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = module.drg_requestor.drg_id
+ description = "Terraformed - User added Routing Rule to acceptor VCN through DRG"
+ }
+ ]
+
+ providers = {
+ oci = oci.requestor
+ }
+
+}
+
+resource "oci_core_subnet" "subnet_requestor" {
+ provider = oci.requestor
+ count = length(var.vcn_cidrs_requestor)
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = module.vcn_requestor.vcn_id
+ #in this example each subnet will use the entire vcn address space
+ cidr_block = var.vcn_cidrs_requestor[count.index]
+
+ #Optional
+ display_name = "sub-rpc-requestor-${count.index}"
+ dns_label = "subrequestor${count.index}"
+ prohibit_public_ip_on_vnic = false
+ route_table_id = module.vcn_requestor.ig_route_id
+ freeform_tags = var.freeform_tags
+}
+
+module "drg_requestor" {
+ source = "oracle-terraform-modules/vcn/oci//modules/drg"
+ version = "3.2.0"
+
+ compartment_id = var.compartment_id
+ label_prefix = var.label_prefix
+
+ # drg parameters
+ drg_vcn_attachments = { "vcn_requestor" = {
+ vcn_id = module.vcn_requestor.vcn_id
+ vcn_transit_routing_rt_id = null
+ drg_route_table_id = null
+ } }
+ drg_display_name = "drg-rpc-requestor"
+
+ # rpc parameters
+ create_rpc = true
+ rpc_acceptor_id = module.drg_acceptor.rpc_id
+ rpc_acceptor_region = var.region_acceptor
+
+ providers = {
+ oci = oci.requestor
+ }
+}
diff --git a/examples/rpc/rpc_from_drg_module/terraform.tfvars.example b/examples/rpc/rpc_from_drg_module/terraform.tfvars.example
new file mode 100644
index 0000000..cb2a347
--- /dev/null
+++ b/examples/rpc/rpc_from_drg_module/terraform.tfvars.example
@@ -0,0 +1,38 @@
+# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+# provider identity parameters
+
+api_fingerprint = ""
+
+api_private_key_path = ""
+
+
+
+tenancy_id = ""
+
+user_id = ""
+
+# general oci parameters
+
+compartment_id = ""
+
+label_prefix = "tf-rpc"
+
+freeform_tags = {
+ environment = "dev"
+ lab = "rpc"
+}
+
+# rpc acceptor parameters
+region_acceptor = "us-phoenix-1"
+vcn_cidrs_acceptor = ["10.0.0.0/24"]
+
+# rpc requestor parameters
+region_requestor = "us-ashburn-1"
+vcn_cidrs_requestor = ["192.168.0.0/24"]
+
+
+
+
+
diff --git a/examples/rpc/rpc_from_drg_module/variables.tf b/examples/rpc/rpc_from_drg_module/variables.tf
new file mode 100644
index 0000000..af8199e
--- /dev/null
+++ b/examples/rpc/rpc_from_drg_module/variables.tf
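Review bot: Both VCN modules in `examples/rpc/rpc_from_drg_module/main.tf` set `lockdown_default_seclist = false`, and neither `oci_core_subnet` sets `security_list_ids`, so the subnets presumably fall back to the VCN's default security list in its non-locked-down state. That matters more here than in a single-VCN example, because `subnet_requestor` is public (`prohibit_public_ip_on_vnic = false`, Internet Gateway) and is routed to the private acceptor CIDR through the DRG. I would set `lockdown_default_seclist = true` on both modules and attach an explicit security list scoped to the peer CIDR, or at least add a comment such as `# default security list left open for demo purposes; restrict before reuse`. The same setting appears in `examples/rpc/rpc_from_vcn_module/main.tf`.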
@@ -0,0 +1,83 @@
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+# provider identity parameters
+variable "api_fingerprint" {
+ description = "fingerprint of oci api private key"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+}
+
+variable "api_private_key_path" {
+ description = "path to oci api private key used"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+}
+
+variable "tenancy_id" {
+ description = "tenancy id where to create the sources"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+}
+
+variable "user_id" {
+ description = "id of user that terraform will use to create the resources"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+}
+
+# general oci parameters
+
+variable "compartment_id" {
+ description = "compartment id where to create all resources"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+}
+
+variable "label_prefix" {
+ description = "a string that will be prepended to all resources"
+ type = string
+ default = "terraform-oci"
+}
+
+variable "freeform_tags" {
+ description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags."
+ type = map(any)
+ default = {
+ terraformed = "please do not edit manually"
+ module = "oracle-terraform-modules/vcn/oci"
+ }
+}
+
+
+# acceptor parameters
+
+variable "region_acceptor" {
+ description = "the oci region where RPC acceptor resources will be created"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+ # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions
+}
+
+variable "vcn_cidrs_acceptor" {
+ description = "The updatable list of IPv4 CIDR blocks the RPC acceptor VCN will use."
+ type = list(string)
+ default = ["10.0.0.0/24"]
+}
+
+# requestor parameter
+
+variable "region_requestor" {
+ description = "OCI region where RPC requstor resources will be created"
+ type = string
+ # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
+ # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions
+}
+
+variable "vcn_cidrs_requestor" {
+ description = "The updatable list of IPv4 CIDR blocks the RPC requestor VCN will use."
+ type = list(string)
+ default = ["192.168.0.0/24"]
+}
+
+
diff --git a/examples/rpc/rpc_from_vcn_module/README.md b/examples/rpc/rpc_from_vcn_module/README.md
new file mode 100644
index 0000000..a0ec28c
--- /dev/null
+++ b/examples/rpc/rpc_from_vcn_module/README.md
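Review bot: Two variable descriptions in `examples/rpc/rpc_from_drg_module/variables.tf` carry typos: `region_requestor` says "requstor" and `tenancy_id` says "where to create the sources". Suggested text is `"OCI region where RPC requestor resources will be created"` and `"tenancy id where to create the resources"`. The copy under `examples/rpc/rpc_from_vcn_module/variables.tf` has the same two strings.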
@@ -0,0 +1,80 @@
+# Creating a remote VCN peering using RPCs with terraform-oci-vcn
+
+[Terraform Variable Definition file]:https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files
+[Input Variables]:https://www.terraform.io/docs/language/values/variables.html
+[Local Values]:https://www.terraform.io/docs/language/values/locals.html
+[Named Values]:https://www.terraform.io/docs/language/expressions/references.html
+[docs/prerequisites]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc
+[docs/terraformoptions]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc
+[docs/routing_rules]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/routing_rules.adoc
+[Provisioning Infrastructure with Terraform]:https://www.terraform.io/docs/cli/run/index.html
+
+This example illustrates how to use terraform-oci-vcn to create a remote VCN peering between VCNs created in different regions, using the Remote Peering Gateway.
+> **Note:** This example is provide for backwards compatibility, using the vcn module to handle the DRG and RPC. For new projects you should use [this one](../rpc_from_drg_module/README.md)
+
+In the acceptor region will be created:
+- a VCN, with a private subnet for each given CIDR block, and a NAT gateway
+- a DRG attached to the VCN
+- the route rules to allow traffic through the Peering
+
+In the requestor region will be created:
+- a VCN with, a public subnet for each given CIDR block, and an Internet Gateway
+- a DRG attached to the VCN
+- the route rules to allow traffic through the Peering
+
+This diagram illustrates what will be created by this example.
+
+![diagram](../../..//docs/images/network_remote_peering_basic.png)
+
+## Prerequisites
+
+You will need to collect the following information before you start:
+
+1. your OCI provider authentication values
+2. a compartment OCID in which the present configuration will be created
+
+For detailed instructions, see [docs/prerequisites]
+
+## Using this example with Terraform CLI
+
+### Creating Providers
+
+You need to create 2 providers:
+* 1 provider for the local region where all the local resources will be created
+* 1 provider for the remote region where all the remote resources will be created (alias: remote)
+
+```
+provider "oci" {
+ fingerprint = var.api_fingerprint
+ private_key_path = var.api_private_key_path
+ region = var.region_acceptor
+ tenancy_ocid = var.tenancy_id
+ user_ocid = var.user_id
+ alias = "acceptor"
+}
+
+provider "oci" {
+ fingerprint = var.api_fingerprint
+ private_key_path = var.api_private_key_path
+ region = var.region_requestor
+ tenancy_ocid = var.tenancy_id
+ user_ocid = var.user_id
+ alias = "requestor"
+}
+```
+
+### Creating Terraform variables definition file
+
+Prepare one [Terraform Variable Definition file] named terraform.tfvars with the required authentication information.
+
+*TIP: You can rename and configure [terraform.tfvars.example](terraform.tfvars.example) from this example's folder.*
+
+Then apply the example using the following commands:
+
+```shell
+> terraform init
+> terraform plan
+> terraform apply
+```
+
+See [Provisioning Infrastructure with Terraform] for more details about Terraform CLI and the available subcommands.
diff --git a/examples/rpc/rpc_from_vcn_module/main.tf b/examples/rpc/rpc_from_vcn_module/main.tf
new file mode 100644
index 0000000..875941f
--- /dev/null
+++ b/examples/rpc/rpc_from_vcn_module/main.tf
@@ -0,0 +1,128 @@
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+# Version requirements
+
+terraform {
+ required_providers {
+ oci = {
+ source = "hashicorp/oci"
+ version = ">=4.41.0"
+ }
+ }
+ required_version = ">= 1.0.0"
+}
+
+# Resources
+
+module "vcn_acceptor" {
+ # this module use the generic vcn module and configure it to act as rpc acceptor vcn
+ source = "oracle-terraform-modules/vcn/oci"
+ version = "3.2.0"
+
+ # general oci parameters
+ compartment_id = var.compartment_id
+ label_prefix = var.label_prefix
+ freeform_tags = var.freeform_tags
+
+ # vcn parameters
+ create_drg = true
+ create_rpc = true
+ create_internet_gateway = false
+ lockdown_default_seclist = false
+ create_nat_gateway = true
+ create_service_gateway = false
+ vcn_cidrs = var.vcn_cidrs_acceptor
+ vcn_dns_label = "vcnacceptor"
+ vcn_name = "vcn-rpc-acceptor"
+
+ nat_gateway_route_rules = [for cidr in var.vcn_cidrs_requestor :
+ {
+ destination = cidr # set requestor vcn cidr as destination cidr
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = "drg"
+ description = "Terraformed - User added Routing Rule to requestor VCN through DRG"
+ }
+ ]
+
+ providers = {
+ oci = oci.acceptor
+ }
+
+}
+
+resource "oci_core_subnet" "subnet_acceptor" {
+ provider = oci.acceptor
+ count = length(var.vcn_cidrs_acceptor)
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = module.vcn_acceptor.vcn_id
+ #in this example each subnet will use the entire vcn address space
+ cidr_block = var.vcn_cidrs_acceptor[count.index]
+
+ #Optional
+ display_name = "sub-rpc-acceptor-${count.index}"
+ dns_label = "subacceptor${count.index}"
+ prohibit_public_ip_on_vnic = true
+ route_table_id = module.vcn_acceptor.nat_route_id
+ freeform_tags = var.freeform_tags
+}
+
+
+module "vcn_requestor" {
+ # this module use the generic vcn module and configure it to act as rpc requestor vcn
+ source = "oracle-terraform-modules/vcn/oci"
+ version = "3.2.0"
+
+ # general oci parameters
+ compartment_id = var.compartment_id
+ label_prefix = var.label_prefix
+ freeform_tags = var.freeform_tags
+
+ # vcn parameters
+ create_drg = true
+ create_rpc = true
+ create_internet_gateway = true
+ lockdown_default_seclist = false
+ create_nat_gateway = false
+ create_service_gateway = false
+ vcn_cidrs = var.vcn_cidrs_requestor
+ vcn_dns_label = "vcnrequestor"
+ vcn_name = "vcn-rpc-requestor"
+
+ internet_gateway_route_rules = [for cidr in var.vcn_cidrs_acceptor :
+ {
+ destination = cidr # set acceptor vcn cidr as destination cidr
+ destination_type = "CIDR_BLOCK"
+ network_entity_id = "drg"
+ description = "Terraformed - User added Routing Rule to acceptor VCN through DRG"
+ }
+ ]
+
+ drg_rpc_acceptor_id = module.vcn_acceptor.rpc_id
+ drg_rpc_acceptor_region = var.region_acceptor
+
+ providers = {
+ oci = oci.requestor
+ }
+
+}
+
+resource "oci_core_subnet" "subnet_requestor" {
+ provider = oci.requestor
+ count = length(var.vcn_cidrs_requestor)
+
+ #Required
+ compartment_id = var.compartment_id
+ vcn_id = module.vcn_requestor.vcn_id
+ #in this example each subnet will use the entire vcn address space
+ cidr_block = var.vcn_cidrs_requestor[count.index]
+
+ #Optional
+ display_name = "sub-rpc-requestor-${count.index}"
+ dns_label = "subrequestor${count.index}"
+ prohibit_public_ip_on_vnic = false
+ route_table_id = module.vcn_requestor.ig_route_id
+ freeform_tags = var.freeform_tags
+}
diff --git a/examples/rpc/rpc_from_vcn_module/terraform.tfvars.example b/examples/rpc/rpc_from_vcn_module/terraform.tfvars.example
new file mode 100644
index 0000000..cb2a347
--- /dev/null
+++ b/examples/rpc/rpc_from_vcn_module/terraform.tfvars.example
@@ -0,0 +1,38 @@
+# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+# provider identity parameters
+
+api_fingerprint = ""
+
+api_private_key_path = ""
+
+
+
+tenancy_id = ""
+
+user_id = ""
+
+# general oci parameters
+
+compartment_id = ""
+
+label_prefix = "tf-rpc"
+
+freeform_tags = {
+ environment = "dev"
+ lab = "rpc"
+}
+
+# rpc acceptor parameters
+region_acceptor = "us-phoenix-1"
+vcn_cidrs_acceptor = ["10.0.0.0/24"]
+
+# rpc requestor parameters
+region_requestor = "us-ashburn-1"
+vcn_cidrs_requestor = ["192.168.0.0/24"]
+
+
+
+
+
diff --git a/examples/rpc/rpc_from_vcn_module/variables.tf b/examples/rpc/rpc_from_vcn_module/variables.tf
new file mode 100644
index 0000000..2da9f11
--- /dev/null
+++ b/examples/rpc/rpc_from_vcn_module/variables.tf
@@ -0,0 +1,83 @@ +# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# provider identity parameters +variable "api_fingerprint" { + description = "fingerprint of oci api private key" + type = string + # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc +} + +variable "api_private_key_path" { + description = "path to oci api private key used" + type = string + # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc +} + + +variable "tenancy_id" { + description = "tenancy id where to create the sources" + type = string + # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc +} + +variable "user_id" { + description = "id of user that terraform will use to create the resources" + type = string + # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc +} + +# general oci parameters + +variable "compartment_id" { + description = "compartment id where to create all resources" + type = string + # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc +} + +variable "label_prefix" { + description = "a string that will be prepended to all resources" + type = string + default = "terraform-oci" +} + +variable "freeform_tags" { + description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags." + type = map(any) + default = { + terraformed = "please do not edit manually" + module = "oracle-terraform-modules/vcn/oci" + } +} + +# acceptor parameters + +variable "region_acceptor" { + description = "the oci region where RPC acceptor resources will be created" + type = string + # no default value, asking user to explicitly set this variable's value. 
see codingconventions.adoc + # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions +} + +variable "vcn_cidrs_acceptor" { + description = "The updatable list of IPv4 CIDR blocks the RPC acceptor VCN will use." + type = list(string) + default = ["10.0.0.0/24"] + +} + +# requestor parameter + +variable "region_requestor" { + description = "OCI region where RPC requstor resources will be created" + type = string + # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc + # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions +} + +variable "vcn_cidrs_requestor" { + description = "The updatable list of IPv4 CIDR blocks the RPC requestor VCN will use." + type = list(string) + default = ["192.168.0.0/24"] +} + diff --git a/main.tf b/main.tf index f20e94d..5e9673f 100644 --- a/main.tf +++ b/main.tf @@ -15,5 +15,14 @@ module "drg_from_vcn_module" { # drg parameters drg_display_name = var.label_prefix == "none" ? "${var.drg_display_name}_created_from_${var.vcn_name}" : "${var.drg_display_name}" - count = var.create_drg == true ? 1 : 0 -} \ No newline at end of file + #rpc parameters + create_rpc = var.create_rpc + rpc_acceptor_id = var.drg_rpc_acceptor_id + rpc_acceptor_region = var.drg_rpc_acceptor_region + + + count = var.create_drg == true || var.create_rpc == true ? 1 : 0 +} + + + diff --git a/modules/drg/README.md b/modules/drg/README.md index b378027..068e07c 100644 --- a/modules/drg/README.md +++ b/modules/drg/README.md 
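Review bot: The new `count` expression in the root `main.tf` instantiates the DRG submodule whenever `create_rpc` is true, even with `create_drg = false`, while the `create_rpc` description added in `variables.tf` says it "requires a DRG to be created". A caller who sets only `create_rpc = true` therefore gets a DRG they did not ask for, and anything else in the module that keys off `var.create_drg` (not visible in this hunk) would not know about it. Either keep `count = var.create_drg == true ? 1 : 0` so an RPC is only created alongside an explicitly requested DRG, or reword the description to say that setting `create_rpc` also creates the DRG. The `module "drg_from_vcn_module"` block starts above the hunk.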
@@ -20,6 +20,7 @@ No requirements. |------|------| | [oci_core_drg.drg](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_drg) | resource | | [oci_core_drg_attachment.vcns](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_drg_attachment) | resource | +| [oci_core_remote_peering_connection.rpc](https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/core_remote_peering_connections) | resource | ## Inputs | Name | Description | Type | Default | Required | @@ -31,6 +32,9 @@ No requirements. | [freeform\_tags](#input\_freeform\_tags) | simple key-value pairs to tag the created resources using freeform OCI Free-form tags. | `map(any)` |
{| no | | [label\_prefix](#input\_label\_prefix) | a string that will be prepended to all resources | `string` | `"none"` | no | | [region](#input\_region) | the OCI region where resources will be created | `string` | `null` | no | +| [create\_rpc](#input\_create\_rpc) | whether to create Remote Peering Connection. If set to true, creates an Remote Peerin Connection | `bool` | `false` | no | +| [remote\_rpc\_id](#input\_remote\_\rpc\_id) | the Remote Peering Connection ID to peer with, running in a remote OCI region. It is required in only one of the two RPCs to establish the peering | `string` | `null` | no | +| [remote\_rpc\_region](#input\_remote\_rpc\_region) | the remote OCI region to establish the peer with. List of regions can be found here: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions | `string` | `null` | no | ## Outputs | Name | Description | @@ -40,5 +44,8 @@ No requirements. | [drg\_display\_name](#output\_drg\_display\_name) | display name of drg if it is created | | [drg\_id](#output\_drg\_id) | id of drg if it is created | | [drg\_summary](#output\_drg\_summary) | drg information summary | +| [rpc\_id](#output\_rpc\_id) | id of rpc if it is created | +| [rpc\_display\_name](#output\_rpc\_display\_name) | display name of rpc if it is created | +| [rpc\_all\_attributes](#output\_rpc\_all\_attributes) | all attributes related to rpc | \ No newline at end of file diff --git a/modules/drg/drg.tf b/modules/drg/drg.tf index 4e02efe..b87af58 100644 --- a/modules/drg/drg.tf +++ b/modules/drg/drg.tf 
@@ -30,3 +30,21 @@ resource "oci_core_drg_attachment" "vcns" { export_drg_route_distribution_id = null # (Optional) (Updatable) string remove_export_drg_route_distribution_trigger = false # (Optional) (Updatable) boolean } + +resource "oci_core_remote_peering_connection" "rpc" { + + compartment_id = var.compartment_id + drg_id = oci_core_drg.drg.id + display_name = var.label_prefix == "none" ? "rpc_created_from_${var.drg_display_name}" : "${var.label_prefix}_rpc" + + freeform_tags = var.freeform_tags + defined_tags = var.defined_tags + + + peer_id = var.rpc_acceptor_id + peer_region_name = var.rpc_acceptor_region + + count = var.create_rpc == true ? 1 : 0 + +} + diff --git a/modules/drg/outputs.tf b/modules/drg/outputs.tf index c4798e9..75ed9bc 100644 --- a/modules/drg/outputs.tf +++ b/modules/drg/outputs.tf @@ -6,11 +6,14 @@ output "drg_id" { value = join(",", oci_core_drg.drg[*].id) } + + output "drg_display_name" { description = "display name of drg if it is created" value = join(",", oci_core_drg.drg[*].display_name) } + # Complete outputs for each resources with provider parity. Auto-updating. # Usefull for module composition. @@ -30,6 +33,31 @@ output "drg_summary" { (oci_core_drg.drg.display_name) = { drg_id = oci_core_drg.drg.id vcn_attachments = { for k, v in oci_core_drg_attachment.vcns : k => v.network_details[0].id } + + } + "rpc" = { + display_name = join(",", oci_core_remote_peering_connection.rpc[*].display_name) + rpc_id = join(",", oci_core_remote_peering_connection.rpc[*].id) } } } + + + +output "rpc_id" { + description = "id of RPC if it is created" + value = join(",", oci_core_remote_peering_connection.rpc[*].id) +} + +output "rpc_display_name" { + description = "display name of RPC if it is created" + value = join(",", oci_core_remote_peering_connection.rpc[*].display_name) +} + +output "rpc_all_attributes" { + description = "all attributes of created RPC" + value = { for k, v in oci_core_remote_peering_connection.rpc : k => v } +} + + + 
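Review bot: `peer_id` and `peer_region_name` in `oci_core_remote_peering_connection.rpc` are passed through independently, so a caller can set `rpc_acceptor_id` without `rpc_acceptor_region` (or the reverse) and only find out from the provider at apply time. The examples declare `required_version = ">= 1.0.0"`, so I am assuming `precondition` blocks are not an option; the pair can at least be tied together in the resource with `peer_region_name = var.rpc_acceptor_id != null ? var.rpc_acceptor_region : null`. A comment above the two arguments would also help: `# set both on the requestor side only; leave null on the acceptor`.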
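Review bot: In `drg_summary` (modules/drg/outputs.tf) the fixed key `"rpc"` is added as a sibling of the dynamic key `(oci_core_drg.drg.display_name)`, so consumers iterating the map now see an entry that is not a DRG, and a DRG whose display name is `rpc` would collide with it. The entry is also emitted with empty strings when `create_rpc` is false. Nesting it inside the DRG entry next to `vcn_attachments`, e.g. `rpc = { for v in oci_core_remote_peering_connection.rpc : v.display_name => v.id }`, keeps the map keyed by DRG only. The output block starts above the hunk.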
diff --git a/modules/drg/variables.tf b/modules/drg/variables.tf index 1e59426..4b4b68b 100644 --- a/modules/drg/variables.tf +++ b/modules/drg/variables.tf @@ -57,3 +57,24 @@ variable "drg_vcn_attachments" { type = map(any) default = null } + +variable "create_rpc" { + description = "Whether to create Remote Peering Connection. If set to true, creates an RPC" + type = bool + default = false +} + +variable "rpc_acceptor_id" { + description = "the ID of the remote RPC" + type = string + default = null +} +variable "rpc_acceptor_region" { + # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions + description = "the OCI region where the Remote Peering Connection will be established with" + type = string + default = null +} + + + diff --git a/outputs.tf b/outputs.tf index b30d782..d8267b3 100644 --- a/outputs.tf +++ b/outputs.tf @@ -11,6 +11,12 @@ output "drg_id" { description = "Deprecated: Use drg sub-module instead. id of drg if it is created" value = join(",", module.drg_from_vcn_module[*].drg_id) } + +output "rpc_id" { + description = "id of rpc if it is created" + value = join(",", module.drg_from_vcn_module[*].rpc_id) +} + output "nat_gateway_id" { description = "id of nat gateway if it is created" value = join(",", oci_core_nat_gateway.nat_gateway[*].id) @@ -79,3 +85,7 @@ output "vcn_all_attributes" { description = "all attributes of created vcn" value = { for k, v in oci_core_vcn.vcn : k => v } } + +output "drg_summary" { + value = { for k, v in module.drg_from_vcn_module : k => v.drg_summary } +} diff --git a/variables.tf b/variables.tf index fa4f530..9dbc370 100644 --- a/variables.tf +++ b/variables.tf 
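Review bot: The two peer variables are named `rpc_acceptor_id` and `rpc_acceptor_region` in `modules/drg/variables.tf`, but the `modules/drg/README.md` table added in this commit documents them as `remote_rpc_id` and `remote_rpc_region`; one of the two needs to change. The descriptions should also state that they are set on the requestor side only, e.g. `"OCID of the acceptor RPC to peer with; set on the requestor only, leave null on the acceptor"`.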
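Review bot: The new `drg_summary` output in the root `outputs.tf` has no `description`, unlike the other outputs visible in these hunks. Suggest adding `description = "drg information summary"`, which is the wording the drg submodule README already uses for the same output.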
@@ -42,6 +42,12 @@ variable "create_drg" { default = false } +variable "create_rpc" { + description = "Whether to create Remote Peering Connection in the DRG module. It requires a DRG to be created" + type = bool + default = false +} + variable "create_internet_gateway" { description = "whether to create the internet gateway in the vcn. If set to true, creates an Internet Gateway." default = false @@ -119,6 +125,20 @@ variable "drg_display_name" { } } +variable "drg_rpc_acceptor_id" { + #! Added for compatibility with inner drg management. Please use drg sub-module instead + description = "the ID of the RPC acceptor" + type = string + default = null +} +variable "drg_rpc_acceptor_region" { + #! Added for compatibility with inner drg management. Please use drg sub-module instead + # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions + description = "the OCI region where the Remote Peering Connection will be established with" + type = string + default = null +} + variable "internet_gateway_display_name" { description = "(Updatable) Name of Internet Gateway. Does not have to be unique." type = string
"module": "oracle-terraform-modules/vcn/oci//modules/drg",
"terraformed": "Please do not edit manually"
}