Release 0.6.6 (#23)

* Release 0.6.5

* Release 0.6.5

* feat: outputting NLBs private IPs info

* feat: dependency on private IPs added

* feat: drg_attachments dependency in route distributions statements

* fix: drg_attachment_key dependency

* fix: drg attachment name commented

* fix: DRGs added to route rules targets

* fix: route rules target

* debug

* fix: drg_attachment_id reference

* debug

* fix: drg_attachments added as dependency

* doc: dependencies section updated

* doc: formatting

* fix: formatting

* doc: variable description

* doc: updates

* feat: dependencies strongly typed

* feat: dependencies on externally managed LPGs and RPCs, with examples

* fix: NLB dependency on instances private IP addresses

* doc: release notes and version bump

* doc: LPG and RPC examples added

README.md

@@ -282,19 +282,25 @@ The ```network_configuration``` is a multidimensional complex object:
 ### <a name="ext-dep">External Dependencies</a>
 An optional feature, external dependencies are resources managed elsewhere that resources managed by this module depends on. The following dependencies are supported:
 
-- **compartments_dependency** &ndash; A map of objects containing the externally managed compartments this module depends on. All map objects must have the same type and must contain at least an *id* attribute with the compartment OCID. This mechanism allows for the usage of referring keys (instead of OCIDs) in *default_compartment_id* and *compartment_id* attributes. The module replaces the keys by the OCIDs provided within *compartments_dependency* map. Contents of *compartments_dependency* is typically the output of a [Compartments module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/tree/main/compartments) client.
+#### compartments_dependency (Optional) 
+A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an *id* attribute with the compartment OCID. This mechanism allows for the usage of referring keys (instead of OCIDs) in *default_compartment_id* and *compartment_id* attributes. The module replaces the keys by the OCIDs provided within *compartments_dependency* map. Contents of *compartments_dependency* is typically the output of a [Compartments module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/tree/main/compartments) client.
 
 Example:
 ```
 {
-	"NETWORK-CMP": {
-		"id": "ocid1.compartment.oc1..aaaaaaaa...7xq"
-	}
+  "NETWORK-CMP": {
+    id": "ocid1.compartment.oc1..aaaaaaaa...7xq"
+  }
 }
 ```
-- **network_dependency** &ndash; A map of map of objects containing the externally managed network resources this module depends on. This mechanism allows for the usage of referring keys (instead of OCIDs) in *vcn_id* and *drg_id* attributes of *inject_into_existing_vcns* and *inject_into_existing_drgs*, respectively. The module replaces the keys by the OCIDs provided within *network_dependency* map. Contents of *network_dependency* is typically the output of a client of this module. Within *network_dependency*, VCNs must be indexed with the **"vcns"** key and DRGs indexed with the **"dynamic_routing_gateways"** key. Each VCN and DRG must contain the **"id"** attribute (to which the actual OCID is assigned), as in the example below:
 
-Example:
+Attributes that support a compartment referring key:
+  - *default_compartment_id*
+  - *compartment_id*
+
+A map of map of objects containing the externally managed network resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *network_dependency* map. Contents of *network_dependency* is typically the output of a client of this module. Within *network_dependency*, VCNs must be indexed with the **vcns** key, DRGs indexed with the **dynamic_routing_gateways** key, DRG attachments indexed with **drg_attachments** key, Local Peering Gateways (LPG) indexed with **local_peering_gateways**, Remote Peering Connections (RPC) indexed with **remote_peering_connections** key. Each VCN, DRG, DRG attachment, LPG and RPC must contain the *id* attribute (to which the actual OCID is assigned). RPCs must also pass the peer region name in the *region_name* attribute.
+
+*network_dependency* example:
 ```
 {
   "vcns" : {
@@ -306,10 +312,74 @@ Example:
     "XYZ-DRG" : {
       "id" : "ocid1.drg.oc1.iad.aaaaaaaa...xlq"
     }
+  },
+  "drg_attachments" : {  
+    "XYZ-DRG-ATTACH" : {
+      "id" : "ocid1.drgattachment.oc1.iad.aaaaaaa...xla"
+    }
+  },
+  "local_peering_gateways" : {  
+    "XYZ-LPG" : {
+      "id" : "ocid1.localpeeringgateway.oc1.us-ashburn-1.aaaaaaaa...3oa"
+    }
+  },
+  "remote_peering_connections" : {  
+    "XYZ-RPC" : {
+      "id" : "ocid1.remotepeeringconnection.oc1.us-ashburn-1.aaaaaaaa...4rt",
+      "region_name" : "us-ashburn-1"
+    }
   }  
 } 
-```          
-See [external-dependency example](./examples/external-dependency/) for a complete example.
+```
+**Note**: **vcns**, **dynamic_routing_gateways**, **drg_attachments**, **local_peering_gateways**, and **remote_peering_connections** attributes are all optional. They only become mandatory if the *network_configuration* refers to one of these resources through a referring key. Below are the attributes where a referring key is supported:
+
+*network_dependency* attribute | Attribute names in *network_configuration* where the referring key can be utilized
+--------------|-------------
+**vcns** | *vcn_id* in *inject_into_existing_vcns*
+**dynamic_routing_gateways** | *drg_id* in *inject_into_existing_drgs*, *network_entity_key* in *route_tables'* *route_rules*
+**drg_attachments** | *drg_attachment_key*
+**local_peering_gateways** | *peer_key* in *local_peering_gateways*
+**remote_peering_connections** | *peer_key* in *remote_peering_connections*
+
+#### private_ips_dependency (Optional) 
+A map of map of objects containing the externally managed private IP resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *private_ips_dependency* map. Each private IP must contain the **"id"** attribute (to which the actual OCID is assigned), as in the example below:
+
+Example:
+```
+{
+  "INDOOR-NLB": {
+    "id": "ocid1.privateip.oc1.iad.abyhql...nrq"
+  }
+}
+```
+
+Attributes that support a private IP referring key:
+  - *network_entity_key* in *route_tables'* *route_rules*
+
+
+#### Wrapping Example
+Note how the *network_configuration* snippet example below refers to keys in *compartments_dependency* (*NETWORK-CMP*) and *network_dependency* (*XYZ-VCN*):
+```
+network_configuration = {
+  default_compartment_id = "NETWORK-CMP" # This key is defined in compartments_dependency
+  network_configuration_categories = {
+    production = {
+      inject_into_existing_vcns = {
+        VISION-VCN-INJECTED = {
+          vcn_id = "XYZ-VCN" # This key is defined in network_dependency, under the vcns attribute.
+          subnets = {
+            SUPPLEMENT-SUBNET = {
+              display_name = "supplement-subnet"
+              cidr_block = "10.0.0.96/27"
+            }
+          }
+        }  
+      }
+    }
+  }
+}
+```
+See [external-dependency example](./examples/external-dependency/) for a functional example.
 
 ### <a name="howtoexample">Available Examples</a>
 
@@ -322,7 +392,9 @@ See [external-dependency example](./examples/external-dependency/) for a complet
    - [Fast Connect Examples](examples/edge-connectivity/fast-connect-examples/)
       - [Generic OCI Fast Connect Partner](examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/)
    - [IPSec VPN Examples](examples/edge-connectivity/ipsec-examples/)
-      - [Generic OCI IPSec BGP VPN](examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/)     
+      - [Generic OCI IPSec BGP VPN](examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/)    
+- [Local Peering Gateways](examples/local-peering-gateways/)     
+- [Remote Peering Connections](examples/remote-peering-connections/)  
 
 ## <a name="related">Related Documentation
 - [OCI Networking Overview](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm)

RELEASE-NOTES.md

@@ -1,10 +1,16 @@
+# April 16, 2024 Release Notes - 0.6.6
+
+## Updates
+1. Module now supports external dependencies on private IP addresses, DRG attachments, remote peering connections and local peering gateways. See [External Dependencies](./README.md#ext-dep) for details.
+2. All dependency variables are now strongly typed, enhancing usage guidance.
+
 # April 08, 2024 Release Notes - 0.6.5
 ## Additions
 1. MVP module for Network Load Balancers.
 
 ## Updates
 1. Module dependency on externally managed network resources enhanced, including improved examples and documentation.
-3. Release tracking via freeform tags.
+2. Release tracking via freeform tags.
 
 ## Fixes
 1. L7 load balancers module dependency on compartments.

drg_route_distributions_statements.tf

@@ -80,8 +80,7 @@ locals {
             #Optional
             attachment_type    = drgrdsts_value.match_criteria.attachment_type
             drg_attachment_key = drgrdsts_value.match_criteria.drg_attachment_key
-            drg_attachment_id  = drgrdsts_value.match_criteria.drg_attachment_id != null ? drgrdsts_value.match_criteria.drg_attachment_id : drgrdsts_value.match_criteria.drg_attachment_key != null ? local.drtd_attachments[drgrdsts_value.match_criteria.drg_attachment_key].id : null
-
+            drg_attachment_id  = length(regexall("^ocid1.drgattachment.*$", coalesce(drgrdsts_value.match_criteria.drg_attachment_id,"__void__"))) > 0 ? drgrdsts_value.match_criteria.drg_attachment_id : (contains(keys(local.drtd_attachments),coalesce(drgrdsts_value.match_criteria.drg_attachment_key,"__void__")) ? local.drtd_attachments[drgrdsts_value.match_criteria.drg_attachment_key].id : (contains(keys(var.network_dependency["drg_attachments"]),coalesce(drgrdsts_value.match_criteria.drg_attachment_key,"__void__")) ? var.network_dependency["drg_attachments"][drgrdsts_value.match_criteria.drg_attachment_key].id : null))
           } : null
           drgrdsts_key = drgrdsts_key
         }
@@ -101,7 +100,7 @@ locals {
         attachment_type     = drgrdsts_value.match_criteria[0].attachment_type
         drg_attachment_id   = drgrdsts_value.match_criteria[0].drg_attachment_id
         drg_attachment_key  = contains(keys(local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria), "drg_attachment_key") ? local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION"
-        drg_attachment_name = contains(keys(local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria), "drg_attachment_key") ? local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key != null ? local.drtd_attachments[local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key].display_name : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION"
+        #drg_attachment_name = contains(keys(local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria), "drg_attachment_key") ? local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key != null ? local.drtd_attachments[local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key].display_name : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION"
       }
       priority                       = drgrdsts_value.priority
       drg_id                         = local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].drg_id

examples/.gitignore

@@ -0,0 +1,3 @@
+**/*.rem
+**/*.nopub
+**/*.tfvars

examples/external-dependency/dependencies/vision-nlbs.json

@@ -0,0 +1,5 @@
+{
+  "VISION-NLB": {
+      "id": "ocid1.privateip.oc1.phx.abyhqlj...uiq"
+   }
+}      

examples/external-dependency/main.tf

@@ -7,4 +7,5 @@ module "vision_network" {
   network_configuration   = var.network_configuration
   compartments_dependency = jsondecode(file("./dependencies/vision-compartments.json"))
   network_dependency      = jsondecode(file("./dependencies/vision-network.json"))
-}
+  private_ips_dependency  = jsondecode(file("./dependencies/vision-nlbs.json"))
+}

examples/local-peering-gateways/README.md

@@ -0,0 +1,15 @@
+# Local Peering Gateways 
+
+The enclosed pair of examples shows how to create and peer Local Peering Gateways (LPGs) within a region using the [OCI Landing Zone Core Networking module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking).
+
+It creates two VCNs. Within each VCN a Local Peering Gateway (LPG) is created. The LPGs are then peered.
+
+## How to Run the Examples
+
+### Run the Acceptor
+1. Replace the placeholders marked with \<\> with appropriate values in ./lpg_acceptor/input.auto.tfvars.template. Rename the file to ./lpg_acceptor/input.auto.tfvars.
+2. Execute terraform init/plan/apply in ./lpg-acceptor folder.
+
+### Run the Requestor
+3. Replace the placeholders marked with \<\> with appropriate values in ./lpg_requestor/input.auto.tfvars.template. Rename the file to ./lpg_requestor/input.auto.tfvars.
+4. Execute terraform init/plan/apply in ./lpg-requestor folder.

examples/local-peering-gateways/lpg-acceptor/input.auto.tfvars.template

@@ -0,0 +1,30 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+tenancy_ocid         = "<TENANCY_OCID>"
+user_ocid            = "<USER_OCID>"
+fingerprint          = "<PEM_KEY_FINGERPRINT>"
+private_key_path     = "<PATH_TO_PRIVATE_KEY>"
+private_key_password = "<PRIVATE_KEY_PASSWORD>"
+region               = "<TENANCY_REGION>"
+
+network_configuration = {
+  default_compartment_id = "<NETWORK_COMPARTMENT_OCID>"
+  network_configuration_categories = {
+    production = {
+      vcns = {
+        VISION-LPG-ACCEPTOR-VCN = {
+          display_name = "vision-lpg-acceptor-vcn"
+          cidr_blocks  = ["192.168.0.0/27"]
+          vcn_specific_gateways = {
+            local_peering_gateways = {
+              ACCEPTOR-LPG = {
+                display_name = "acceptor-lpg"
+              }
+            }
+          }
+        }  
+      }
+    }
+  }
+}

examples/local-peering-gateways/lpg-acceptor/main.tf

@@ -0,0 +1,8 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "lpg_acceptor" {
+  source = "../../../"
+  network_configuration = var.network_configuration
+}
+

examples/local-peering-gateways/lpg-acceptor/outputs.tf

@@ -0,0 +1,15 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "networking_resources" {
+  description = "Networking resources"
+  value       = module.lpg_acceptor.provisioned_networking_resources
+}
+
+# This resource writes a file with select output as JSON content. This file can be used as a network dependency by another network configuration example that depends on RPCs managed by this example.
+resource "local_file" "network_output" {
+  content = module.lpg_acceptor.provisioned_networking_resources != null ? jsonencode({
+            "local_peering_gateways" : {for k, v in module.lpg_acceptor.provisioned_networking_resources.local_peering_gateways : k => {"id" : v.id}}
+    }) : null
+  filename = "./vision-network.json"
+}

examples/local-peering-gateways/lpg-acceptor/provider.tf

@@ -0,0 +1,25 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+provider "oci" {
+  region               = var.region
+  tenancy_ocid         = var.tenancy_ocid
+  user_ocid            = var.user_ocid
+  fingerprint          = var.fingerprint
+  private_key_path     = var.private_key_path
+  private_key_password = var.private_key_password
+}
+
+terraform {
+  required_version = ">= 1.2.0, < 1.3.0"
+
+  required_providers {
+    oci = {
+      source                = "oracle/oci"
+      version               = "<= 5.16.0"
+      configuration_aliases = [oci]
+    }
+  }
+
+  experiments = [module_variable_optional_attrs]
+} 

examples/local-peering-gateways/lpg-acceptor/variables.tf

@@ -0,0 +1,16 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# tenancy details
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "private_key_password" {}
+variable "region" {}
+
+variable "network_configuration" {
+  type = any
+  default = null
+}
+

examples/local-peering-gateways/lpg-requestor/input.auto.tfvars.template

@@ -0,0 +1,31 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+tenancy_ocid         = "<TENANCY_OCID>"
+user_ocid            = "<USER_OCID>"
+fingerprint          = "<PEM_KEY_FINGERPRINT>"
+private_key_path     = "<PATH_TO_PRIVATE_KEY>"
+private_key_password = "<PRIVATE_KEY_PASSWORD>"
+region               = "<TENANCY_REGION>"
+
+network_configuration = {
+  default_compartment_id = "<NETWORK_COMPARTMENT_OCID>"
+  network_configuration_categories = {
+    production = {
+      vcns = {
+        VISION-LPG-REQUESTOR-VCN = {
+          display_name = "vision-lpg-requestor-vcn"
+          cidr_blocks  = ["10.0.0.0/27"]
+          vcn_specific_gateways = {
+            local_peering_gateways = {
+              REQUESTOR-LPG = {
+                display_name = "requestor-lpg"
+                peer_key = "ACCEPTOR-LPG"
+              }
+            }
+          }
+        }  
+      }
+    }
+  }
+}

examples/local-peering-gateways/lpg-requestor/main.tf

@@ -0,0 +1,9 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "lpg_requestor" {
+  source = "../../../"
+  network_configuration = var.network_configuration
+  network_dependency    = jsondecode(file("../lpg-acceptor/vision-network.json"))
+}
+

examples/local-peering-gateways/lpg-requestor/outputs.tf

@@ -0,0 +1,7 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "networking_resources" {
+  description = "Networking resources"
+  value       = module.lpg_requestor.provisioned_networking_resources
+}

examples/local-peering-gateways/lpg-requestor/provider.tf

@@ -0,0 +1,25 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+provider "oci" {
+  region               = var.region
+  tenancy_ocid         = var.tenancy_ocid
+  user_ocid            = var.user_ocid
+  fingerprint          = var.fingerprint
+  private_key_path     = var.private_key_path
+  private_key_password = var.private_key_password
+}
+
+terraform {
+  required_version = ">= 1.2.0, < 1.3.0"
+
+  required_providers {
+    oci = {
+      source                = "oracle/oci"
+      version               = "<= 5.16.0"
+      configuration_aliases = [oci]
+    }
+  }
+
+  experiments = [module_variable_optional_attrs]
+} 

examples/local-peering-gateways/lpg-requestor/variables.tf

@@ -0,0 +1,16 @@
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# tenancy details
+variable "tenancy_ocid" {}
+variable "user_ocid" {}
+variable "fingerprint" {}
+variable "private_key_path" {}
+variable "private_key_password" {}
+variable "region" {}
+
+variable "network_configuration" {
+  type = any
+  default = null
+}
+