diff --git a/README.md b/README.md index a8ae9f8..1ab3c8c 100644 --- a/README.md +++ b/README.md 
@@ -282,19 +282,25 @@ The ```network_configuration``` is a multidimensional complex object: ### External Dependencies An optional feature, external dependencies are resources managed elsewhere that resources managed by this module depends on. The following dependencies are supported: -- **compartments_dependency** – A map of objects containing the externally managed compartments this module depends on. All map objects must have the same type and must contain at least an *id* attribute with the compartment OCID. This mechanism allows for the usage of referring keys (instead of OCIDs) in *default_compartment_id* and *compartment_id* attributes. The module replaces the keys by the OCIDs provided within *compartments_dependency* map. Contents of *compartments_dependency* is typically the output of a [Compartments module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/tree/main/compartments) client. +#### compartments_dependency (Optional) +A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an *id* attribute with the compartment OCID. This mechanism allows for the usage of referring keys (instead of OCIDs) in *default_compartment_id* and *compartment_id* attributes. The module replaces the keys by the OCIDs provided within *compartments_dependency* map. Contents of *compartments_dependency* is typically the output of a [Compartments module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/tree/main/compartments) client. Example: ``` { - "NETWORK-CMP": { - "id": "ocid1.compartment.oc1..aaaaaaaa...7xq" - } + "NETWORK-CMP": { + id": "ocid1.compartment.oc1..aaaaaaaa...7xq" + } } ``` -- **network_dependency** – A map of map of objects containing the externally managed network resources this module depends on. 
This mechanism allows for the usage of referring keys (instead of OCIDs) in *vcn_id* and *drg_id* attributes of *inject_into_existing_vcns* and *inject_into_existing_drgs*, respectively. The module replaces the keys by the OCIDs provided within *network_dependency* map. Contents of *network_dependency* is typically the output of a client of this module. Within *network_dependency*, VCNs must be indexed with the **"vcns"** key and DRGs indexed with the **"dynamic_routing_gateways"** key. Each VCN and DRG must contain the **"id"** attribute (to which the actual OCID is assigned), as in the example below: -Example: +Attributes that support a compartment referring key: + - *default_compartment_id* + - *compartment_id* + +A map of map of objects containing the externally managed network resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *network_dependency* map. Contents of *network_dependency* is typically the output of a client of this module. Within *network_dependency*, VCNs must be indexed with the **vcns** key, DRGs indexed with the **dynamic_routing_gateways** key, DRG attachments indexed with **drg_attachments** key, Local Peering Gateways (LPG) indexed with **local_peering_gateways**, Remote Peering Connections (RPC) indexed with **remote_peering_connections** key. Each VCN, DRG, DRG attachment, LPG and RPC must contain the *id* attribute (to which the actual OCID is assigned). RPCs must also pass the peer region name in the *region_name* attribute. + +*network_dependency* example: ``` { "vcns" : { 
@@ -306,10 +312,74 @@ Example: "XYZ-DRG" : { "id" : "ocid1.drg.oc1.iad.aaaaaaaa...xlq" } + }, + "drg_attachments" : { + "XYZ-DRG-ATTACH" : { + "id" : "ocid1.drgattachment.oc1.iad.aaaaaaa...xla" + } + }, + "local_peering_gateways" : { + "XYZ-LPG" : { + "id" : "ocid1.localpeeringgateway.oc1.us-ashburn-1.aaaaaaaa...3oa" + } + }, + "remote_peering_connections" : { + "XYZ-RPC" : { + "id" : "ocid1.remotepeeringconnection.oc1.us-ashburn-1.aaaaaaaa...4rt", + "region_name" : "us-ashburn-1" + } } } -``` -See [external-dependency example](./examples/external-dependency/) for a complete example. +``` +**Note**: **vcns**, **dynamic_routing_gateways**, **drg_attachments**, **local_peering_gateways**, and **remote_peering_connections** attributes are all optional. They only become mandatory if the *network_configuration* refers to one of these resources through a referring key. Below are the attributes where a referring key is supported: + +*network_dependency* attribute | Attribute names in *network_configuration* where the referring key can be utilized +--------------|------------- +**vcns** | *vcn_id* in *inject_into_existing_vcns* +**dynamic_routing_gateways** | *drg_id* in *inject_into_existing_drgs*, *network_entity_key* in *route_tables'* *route_rules* +**drg_attachments** | *drg_attachment_key* +**local_peering_gateways** | *peer_key* in *local_peering_gateways* +**remote_peering_connections** | *peer_key* in *remote_peering_connections* + +#### private_ips_dependency (Optional) +A map of map of objects containing the externally managed private IP resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *private_ips_dependency* map. 
Each private IP must contain the **"id"** attribute (to which the actual OCID is assigned), as in the example below: + +Example: +``` +{ + "INDOOR-NLB": { + "id": "ocid1.privateip.oc1.iad.abyhql...nrq" + } +} +``` + +Attributes that support a private IP referring key: + - *network_entity_key* in *route_tables'* *route_rules* + + +#### Wrapping Example +Note how the *network_configuration* snippet example below refers to keys in *compartments_dependency* (*NETWORK-CMP*) and *network_dependency* (*XYZ-VCN*): +``` +network_configuration = { + default_compartment_id = "NETWORK-CMP" # This key is defined in compartments_dependency + network_configuration_categories = { + production = { + inject_into_existing_vcns = { + VISION-VCN-INJECTED = { + vcn_id = "XYZ-VCN" # This key is defined in network_dependency, under the vcns attribute. + subnets = { + SUPPLEMENT-SUBNET = { + display_name = "supplement-subnet" + cidr_block = "10.0.0.96/27" + } + } + } + } + } + } +} +``` +See [external-dependency example](./examples/external-dependency/) for a functional example. ### Available Examples @@ -322,7 +392,9 @@ See [external-dependency example](./examples/external-dependency/) for a complet - [Fast Connect Examples](examples/edge-connectivity/fast-connect-examples/) - [Generic OCI Fast Connect Partner](examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/) - [IPSec VPN Examples](examples/edge-connectivity/ipsec-examples/) - - [Generic OCI IPSec BGP VPN](examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/) + - [Generic OCI IPSec BGP VPN](examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/) +- [Local Peering Gateways](examples/local-peering-gateways/) +- [Remote Peering Connections](examples/remote-peering-connections/) ## Related Documentation - [OCI Networking Overview](https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm) 
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 910bee2..c52114c 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,10 +1,16 @@ +# April 16, 2024 Release Notes - 0.6.6 + +## Updates +1. Module now supports external dependencies on private IP addresses, DRG attachments, remote peering connections and local peering gateways. See [External Dependencies](./README.md#ext-dep) for details. +2. All dependency variables are now strongly typed, enhancing usage guidance. + # April 08, 2024 Release Notes - 0.6.5 ## Additions 1. MVP module for Network Load Balancers. ## Updates 1. Module dependency on externally managed network resources enhanced, including improved examples and documentation. -3. Release tracking via freeform tags. +2. Release tracking via freeform tags. ## Fixes 1. L7 load balancers module dependency on compartments. diff --git a/SPEC.md b/SPEC.md index a014c2c..e69de29 100644 --- a/SPEC.md +++ b/SPEC.md 
@@ -1,90 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | < 1.4.0 | -| [oci](#requirement\_oci) | <= 5.16.0 | - -## Providers - -| Name | Version | -|------|---------| -| [oci](#provider\_oci) | <= 5.16.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [oci_core_cpe.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_cpe) | resource | -| [oci_core_cross_connect.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_cross_connect) | resource | -| [oci_core_cross_connect_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_cross_connect_group) | resource | -| [oci_core_default_dhcp_options.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_dhcp_options) | resource | -| [oci_core_default_route_table.drga_specific_default_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_route_table) | resource | -| [oci_core_default_route_table.igw_natgw_specific_default_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_route_table) | resource | -| [oci_core_default_route_table.lpg_specific_default_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_route_table) | resource | -| [oci_core_default_route_table.non_gw_specific_remaining_default_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_route_table) | resource | -| [oci_core_default_route_table.sgw_specific_default_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_route_table) | resource | -| [oci_core_default_security_list.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_default_security_list) | resource | -| 
[oci_core_dhcp_options.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_dhcp_options) | resource | -| [oci_core_drg.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg) | resource | -| [oci_core_drg_attachment.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_attachment) | resource | -| [oci_core_drg_attachment_management.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_attachment_management) | resource | -| [oci_core_drg_route_distribution.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_route_distribution) | resource | -| [oci_core_drg_route_distribution_statement.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_route_distribution_statement) | resource | -| [oci_core_drg_route_table.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_route_table) | resource | -| [oci_core_drg_route_table_route_rule.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_route_table_route_rule) | resource | -| [oci_core_internet_gateway.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_internet_gateway) | resource | -| [oci_core_ipsec.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_ipsec) | resource | -| [oci_core_ipsec_connection_tunnel_management.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_ipsec_connection_tunnel_management) | resource | -| [oci_core_local_peering_gateway.oci_acceptor_local_peering_gateways](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_local_peering_gateway) | resource | -| 
[oci_core_local_peering_gateway.oci_requestor_local_peering_gateways](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_local_peering_gateway) | resource | -| [oci_core_nat_gateway.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_nat_gateway) | resource | -| [oci_core_network_security_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_network_security_group) | resource | -| [oci_core_network_security_group_security_rule.egress](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_network_security_group_security_rule) | resource | -| [oci_core_network_security_group_security_rule.ingress](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_network_security_group_security_rule) | resource | -| [oci_core_public_ip.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_public_ip) | resource | -| [oci_core_public_ip_pool.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_public_ip_pool) | resource | -| [oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_remote_peering_connection) | resource | -| [oci_core_remote_peering_connection.oci_requestor_remote_peering_connections](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_remote_peering_connection) | resource | -| [oci_core_route_table.drga_specific_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table) | resource | -| [oci_core_route_table.igw_natgw_specific_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table) | resource | -| [oci_core_route_table.lpg_specific_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table) | resource | 
-| [oci_core_route_table.non_gw_specific_remaining_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table) | resource | -| [oci_core_route_table.sgw_specific_route_tables](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table) | resource | -| [oci_core_route_table_attachment.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table_attachment) | resource | -| [oci_core_security_list.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_security_list) | resource | -| [oci_core_service_gateway.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_service_gateway) | resource | -| [oci_core_subnet.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet) | resource | -| [oci_core_vcn.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn) | resource | -| [oci_core_virtual_circuit.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_virtual_circuit) | resource | -| [oci_network_firewall_network_firewall.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall) | resource | -| [oci_network_firewall_network_firewall_policy.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy) | resource | -| [oci_core_cpe_device_shapes.cpe_device_shapes](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_cpe_device_shapes) | data source | -| [oci_core_drg_attachments.fc_vc_drg_attachments](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_drg_attachments) | data source | -| [oci_core_drg_attachments.ipsec_drg_attachments](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_drg_attachments) | data 
source | -| [oci_core_drg_attachments.rpc_drg_attachments](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_drg_attachments) | data source | -| [oci_core_fast_connect_provider_services.fast_connect_provider_services](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_fast_connect_provider_services) | data source | -| [oci_core_ipsec_connection_tunnels.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_ipsec_connection_tunnels) | data source | -| [oci_core_private_ips.these-nfws-private-ips](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_private_ips) | data source | -| [oci_core_services.oci_services](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_services) | data source | -| [oci_core_vcn.existing_vcns](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_vcn) | data source | -| [oci_identity_availability_domains.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/identity_availability_domains) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type. | `map(any)` | `null` | no | -| [network\_configuration](#input\_network\_configuration) | n/a |
object({| n/a | yes | -| [network\_dependency](#input\_network\_dependency) | A map of objects containing the externally managed network resources this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the network resource OCID) of string type. | `map(any)` | `null` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [flat\_map\_of\_provisioned\_networking\_resources](#output\_flat\_map\_of\_provisioned\_networking\_resources) | Flat map of provisioned networking resources - to facilitate the integration with other networking modules via network dependency mechanism | -| [provisioned\_networking\_resources](#output\_provisioned\_networking\_resources) | Provisioned networking resources | diff --git a/drg_route_distributions_statements.tf b/drg_route_distributions_statements.tf index 4e0a5fd..42993dc 100644 --- a/drg_route_distributions_statements.tf +++ b/drg_route_distributions_statements.tf 
@@ -80,8 +80,7 @@ locals { #Optional attachment_type = drgrdsts_value.match_criteria.attachment_type drg_attachment_key = drgrdsts_value.match_criteria.drg_attachment_key - drg_attachment_id = drgrdsts_value.match_criteria.drg_attachment_id != null ? drgrdsts_value.match_criteria.drg_attachment_id : drgrdsts_value.match_criteria.drg_attachment_key != null ? local.drtd_attachments[drgrdsts_value.match_criteria.drg_attachment_key].id : null - + drg_attachment_id = length(regexall("^ocid1.drgattachment.*$", coalesce(drgrdsts_value.match_criteria.drg_attachment_id,"__void__"))) > 0 ? drgrdsts_value.match_criteria.drg_attachment_id : (contains(keys(local.drtd_attachments),coalesce(drgrdsts_value.match_criteria.drg_attachment_key,"__void__")) ? local.drtd_attachments[drgrdsts_value.match_criteria.drg_attachment_key].id : (contains(keys(var.network_dependency["drg_attachments"]),coalesce(drgrdsts_value.match_criteria.drg_attachment_key,"__void__")) ? var.network_dependency["drg_attachments"][drgrdsts_value.match_criteria.drg_attachment_key].id : null)) } : null drgrdsts_key = drgrdsts_key } 
@@ -101,7 +100,7 @@ locals { attachment_type = drgrdsts_value.match_criteria[0].attachment_type drg_attachment_id = drgrdsts_value.match_criteria[0].drg_attachment_id drg_attachment_key = contains(keys(local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria), "drg_attachment_key") ? local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" - drg_attachment_name = contains(keys(local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria), "drg_attachment_key") ? local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key != null ? local.drtd_attachments[local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key].display_name : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" + #drg_attachment_name = contains(keys(local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria), "drg_attachment_key") ? local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key != null ? local.drtd_attachments[local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].match_criteria.drg_attachment_key].display_name : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" : "NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION" } priority = drgrdsts_value.priority drg_id = local.one_dimension_processed_drg_route_distributions_statements[drgrdsts_key].drg_id diff --git a/examples/.gitignore b/examples/.gitignore new file mode 100644 index 0000000..fbf4c3d --- /dev/null +++ b/examples/.gitignore @@ -0,0 +1,3 @@ +**/*.rem +**/*.nopub +**/*.tfvars \ No newline at end of file 
diff --git a/examples/external-dependency/dependencies/vision-nlbs.json b/examples/external-dependency/dependencies/vision-nlbs.json new file mode 100644 index 0000000..fbf0cd0 --- /dev/null +++ b/examples/external-dependency/dependencies/vision-nlbs.json @@ -0,0 +1,5 @@ +{ + "VISION-NLB": { + "id": "ocid1.privateip.oc1.phx.abyhqlj...uiq" + } +} \ No newline at end of file diff --git a/examples/external-dependency/main.tf b/examples/external-dependency/main.tf index 2cec9ba..0871f5f 100644 --- a/examples/external-dependency/main.tf +++ b/examples/external-dependency/main.tf @@ -7,4 +7,5 @@ module "vision_network" { network_configuration = var.network_configuration compartments_dependency = jsondecode(file("./dependencies/vision-compartments.json")) network_dependency = jsondecode(file("./dependencies/vision-network.json")) -} \ No newline at end of file + private_ips_dependency = jsondecode(file("./dependencies/vision-nlbs.json")) +} diff --git a/examples/local-peering-gateways/README.md b/examples/local-peering-gateways/README.md new file mode 100644 index 0000000..59af44f --- /dev/null +++ b/examples/local-peering-gateways/README.md 
@@ -0,0 +1,15 @@ +# Local Peering Gateways + +The enclosed pair of examples shows how to create and peer Local Peering Gateways (LPGs) within a region using the [OCI Landing Zone Core Networking module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking). + +It creates two VCNs. Within each VCN a Local Peering Gateway (LPG) is created. The LPGs are then peered. + +## How to Run the Examples + +### Run the Acceptor +1. Replace the placeholders marked with \<\> with appropriate values in ./lpg_acceptor/input.auto.tfvars.template. Rename the file to ./lpg_acceptor/input.auto.tfvars. +2. Execute terraform init/plan/apply in ./lpg-acceptor folder. + +### Run the Requestor +3. Replace the placeholders marked with \<\> with appropriate values in ./lpg_requestor/input.auto.tfvars.template. Rename the file to ./lpg_requestor/input.auto.tfvars. +4. Execute terraform init/plan/apply in ./lpg-requestor folder. \ No newline at end of file diff --git a/examples/local-peering-gateways/lpg-acceptor/input.auto.tfvars.template b/examples/local-peering-gateways/lpg-acceptor/input.auto.tfvars.template new file mode 100644 index 0000000..339ed41 --- /dev/null +++ b/examples/local-peering-gateways/lpg-acceptor/input.auto.tfvars.template @@ -0,0 +1,30 @@ +# Copyright (c) 2024 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +tenancy_ocid = "
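Review bot: in the README hunk `@@ -282,19 +282,25 @@`, the rewritten compartments_dependency JSON example drops the opening quote on the key: `+ id": "ocid1.compartment.oc1..aaaaaaaa...7xq"` replaces `- "id": "ocid1.compartment.oc1..aaaaaaaa...7xq"`, so the example is no longer valid JSON and will not `jsondecode()`; restore `"id"`. The same hunk also loses the heading for the network dependency: the old bullet `- **network_dependency**` is removed and its replacement paragraph ("A map of map of objects containing the externally managed network resources...") follows the compartment attribute list with no `#### network_dependency (Optional)` heading, unlike the `#### compartments_dependency (Optional)` and `#### private_ips_dependency (Optional)` headings introduced around it.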
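Review bot: in the README hunk `@@ -306,10 +312,74 @@`, the row `**drg_attachments** | *drg_attachment_key*` is the only one in the new referring-key table that does not say which *network_configuration* block the key lives in (the other rows name `inject_into_existing_vcns`, `route_tables'` `route_rules`, and so on); the drg_route_distributions_statements.tf change in this PR resolves it from `match_criteria.drg_attachment_key`, so name that block here. Also, `#### private_ips_dependency` is described as "A map of map of objects" while the example right below it (`"INDOOR-NLB": { "id": ... }`) and the new examples/external-dependency/dependencies/vision-nlbs.json are single-level maps of objects; drop one "map of". Lastly, the sentence ending "as in the example below:" is immediately followed by a separate "Example:" line, so the lead-in is duplicated.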
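Review bot: the new RELEASE-NOTES.md entry links to `./README.md#ext-dep`, but nothing in the README hunks of this PR defines an `ext-dep` anchor; the section heading is `### External Dependencies`, which GitHub renders as `#external-dependencies`. Either add an explicit anchor next to that heading or point the link at `#external-dependencies`. The bump to 0.6.6 and the renumbering of the 0.6.5 "Updates" item from 3 to 2 look correct.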
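Review bot: the SPEC.md hunk empties the file (the new blob e69de29 is the empty object) instead of regenerating it, so the Requirements/Providers/Resources/Inputs/Outputs tables disappear, including the pins `terraform < 1.4.0` and `oci <= 5.16.0` and the `compartments_dependency` / `network_dependency` input descriptions (both shown with default `null`). Since this release changes the inputs (new `private_ips_dependency`, and the release notes say the dependency variables are now strongly typed), regenerate the spec from the updated variables.tf (the table layout is terraform-docs output) rather than committing a blank file; if the file is being retired, delete it instead.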
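Review bot: in drg_route_distributions_statements.tf hunk `@@ -80,8 +80,7 @@`, the new `drg_attachment_id` expression indexes `var.network_dependency["drg_attachments"]` without a guard. The SPEC.md removed in this same diff shows `network_dependency` defaulting to `null`, and the README hunk says the `drg_attachments` key is optional, so for any statement whose `drg_attachment_id` is not an OCID and whose `drg_attachment_key` is not in `local.drtd_attachments`, the innermost condition evaluates `keys(var.network_dependency["drg_attachments"])` against a null or missing value and the plan fails with an index error instead of yielding the intended `null`. Wrap the lookup, e.g. `contains(keys(try(var.network_dependency["drg_attachments"], {})), coalesce(drgrdsts_value.match_criteria.drg_attachment_key, "__void__"))`, or resolve that map once in a local. Minor: the dots in `"^ocid1.drgattachment.*$"` are unescaped regex metacharacters; `^ocid1\\.drgattachment\\.` states the intent.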
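Review bot: in drg_route_distributions_statements.tf hunk `@@ -101,7 +100,7 @@`, `drg_attachment_name` is commented out rather than deleted, leaving a very long dead line inside the output object; remove it, git history keeps it. This also silently drops `drg_attachment_name` from the processed statements' `match_criteria`, so any client reading that attribute from the module outputs breaks; call the removal out in RELEASE-NOTES.md. The neighbouring `drg_attachment_key` line still falls back to the `"NOT DETERMINED AS DRG_ATTACHMENT NOT CREATED BY THIS AUTOMATION"` string even though the previous hunk now also resolves keys from `network_dependency["drg_attachments"]`; consider aligning the two.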
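Review bot: ignoring `**/*.tfvars` under examples is the right call, since the filled-in `input.auto.tfvars` files (the templates added in this PR start with `tenancy_ocid = "`) carry tenancy, user and key material that must not be committed, and the `.template` suffix keeps the placeholder files tracked. Two nits: add the trailing newline flagged by `\ No newline at end of file`, and `*.rem` / `*.nopub` are not explained anywhere; a one-line comment in the .gitignore saying what they are would help the next contributor.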
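Review bot: the examples/external-dependency/main.tf hunk wires `private_ips_dependency` to `./dependencies/vision-nlbs.json` and fixes the missing final newline, matching the README's private IP dependency section. The example's README (not touched in this PR) should say that the `VISION-NLB` key in that file is what `network_entity_key` in a route rule refers to, otherwise a reader cannot tell what the new JSON file is for; vision-nlbs.json itself also lacks a trailing newline.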
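Review bot: in the new examples/local-peering-gateways/README.md, the paths in steps 1 and 3 use underscores (`./lpg_acceptor/input.auto.tfvars.template`, `./lpg_requestor/input.auto.tfvars.template`) while steps 2 and 4 and the files added in this PR use hyphens (`examples/local-peering-gateways/lpg-acceptor/input.auto.tfvars.template`); change them to `lpg-acceptor` / `lpg-requestor` so copy-paste works. The numbering runs 1-2 under "Run the Acceptor" and 3-4 under "Run the Requestor", which is fine if it is meant to stress ordering, but then state explicitly that the acceptor must be applied first. Add the trailing newline as well.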
default_compartment_id = optional(string),
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),
default_enable_cis_checks = optional(bool),
default_ssh_ports_to_check = optional(list(number)),
network_configuration_categories = optional(map(object({
category_compartment_id = optional(string),
category_defined_tags = optional(map(string)),
category_freeform_tags = optional(map(string)),
category_enable_cis_checks = optional(bool),
category_ssh_ports_to_check = optional(list(number)),
vcns = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
byoipv6cidr_details = optional(map(object({
byoipv6range_id = string
ipv6cidr_block = string
})))
ipv6private_cidr_blocks = optional(list(string)),
is_ipv6enabled = optional(bool),
is_oracle_gua_allocation_enabled = optional(bool),
cidr_blocks = optional(list(string)),
dns_label = optional(string),
block_nat_traffic = optional(bool),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
default_security_list = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
}))
security_lists = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))
default_route_table = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
}))
route_tables = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
})))
default_dhcp_options = optional(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
}))
dhcp_options = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
})))
subnets = optional(map(object({
cidr_block = string,
compartment_id = optional(string),
#Optional
availability_domain = optional(string),
defined_tags = optional(map(string)),
dhcp_options_key = optional(string),
display_name = optional(string),
dns_label = optional(string),
freeform_tags = optional(map(string)),
ipv6cidr_block = optional(string),
ipv6cidr_blocks = optional(list(string)),
prohibit_internet_ingress = optional(bool),
prohibit_public_ip_on_vnic = optional(bool),
route_table_key = optional(string),
security_list_keys = optional(list(string))
})))
network_security_groups = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
ingress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
src = optional(string),
src_type = optional(string),
dst_port_min = number,
dst_port_max = number,
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
dst = optional(string),
dst_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))
vcn_specific_gateways = optional(object({
internet_gateways = optional(map(object({
compartment_id = optional(string),
enabled = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_key = optional(string)
})))
nat_gateways = optional(map(object({
compartment_id = optional(string),
block_traffic = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
public_ip_id = optional(string),
route_table_key = optional(string)
})))
service_gateways = optional(map(object({
compartment_id = optional(string),
// SGW services value:
// - objectstorage - for object storage access
// - all-services - for all OCI internal network services access
services = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_key = optional(string)
})))
local_peering_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
route_table_key = optional(string)
})))
}))
})))
inject_into_existing_vcns = optional(map(object({
vcn_id = string,
default_security_list = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
}))
security_lists = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))
default_route_table = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
}))
route_tables = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string)
})))
})))
default_dhcp_options = optional(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
}))
dhcp_options = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
})))
subnets = optional(map(object({
cidr_block = string,
compartment_id = optional(string),
#Optional
availability_domain = optional(string),
defined_tags = optional(map(string)),
dhcp_options_id = optional(string),
dhcp_options_key = optional(string),
display_name = optional(string),
dns_label = optional(string),
freeform_tags = optional(map(string)),
ipv6cidr_block = optional(string),
ipv6cidr_blocks = optional(list(string)),
prohibit_internet_ingress = optional(bool),
prohibit_public_ip_on_vnic = optional(bool),
route_table_id = optional(string),
route_table_key = optional(string),
security_list_ids = optional(list(string)),
security_list_keys = optional(list(string))
})))
network_security_groups = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
ingress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
src = optional(string),
src_type = optional(string),
dst_port_min = number,
dst_port_max = number,
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
dst = optional(string),
dst_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))
vcn_specific_gateways = optional(object({
internet_gateways = optional(map(object({
compartment_id = optional(string),
enabled = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_id = optional(string),
route_table_key = optional(string)
})))
nat_gateways = optional(map(object({
compartment_id = optional(string),
block_traffic = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
public_ip_id = optional(string),
route_table_id = optional(string),
route_table_key = optional(string)
})))
service_gateways = optional(map(object({
compartment_id = optional(string),
// SGW services value:
// - objectstorage - for object storage access
// - all-services - for all OCI internal network services access
services = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_id = optional(string),
route_table_key = optional(string)
})))
local_peering_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
route_table_id = optional(string),
route_table_key = optional(string)
})))
}))
})))
IPs = optional(object({
public_ips_pools = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
})))
public_ips = optional(map(object({
compartment_id = optional(string),
lifetime = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
private_ip_id = optional(string),
public_ip_pool_id = optional(string),
public_ip_pool_key = optional(string)
})))
}))
non_vcn_specific_gateways = optional(object({
dynamic_routing_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
remote_peering_connections = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
peer_region_name = optional(string)
})))
drg_attachments = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
drg_route_table_id = optional(string),
drg_route_table_key = optional(string),
network_details = optional(object({
attached_resource_id = optional(string),
attached_resource_key = optional(string),
type = string,
route_table_id = optional(string),
route_table_key = optional(string),
vcn_route_type = optional(string)
}))
})))
drg_route_tables = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
import_drg_route_distribution_id = optional(string),
import_drg_route_distribution_key = optional(string),
is_ecmp_enabled = optional(bool),
route_rules = optional(map(object({
destination = string,
destination_type = string,
next_hop_drg_attachment_id = optional(string),
next_hop_drg_attachment_key = optional(string),
})))
})))
drg_route_distributions = optional(map(object({
distribution_type = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string))
statements = optional(map(object({
action = string,
match_criteria = optional(object({
match_type = string,
attachment_type = optional(string),
drg_attachment_id = optional(string),
drg_attachment_key = optional(string)
}))
priority = optional(number)
})))
})))
})))
customer_premises_equipments = optional(map(object({
compartment_id = optional(string),
ip_address = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
cpe_device_shape_id = optional(string),
cpe_device_shape_vendor_name = optional(string)
})))
ipsecs = optional(map(object({
compartment_id = optional(string),
cpe_id = optional(string),
cpe_key = optional(string),
drg_id = optional(string),
drg_key = optional(string),
static_routes = list(string),
cpe_local_identifier = optional(string),
cpe_local_identifier_type = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
tunnels_management = optional(object({
tunnel_1 = optional(object({
routing = string,
bgp_session_info = optional(object({
customer_bgp_asn = optional(string),
customer_interface_ip = optional(string),
oracle_interface_ip = optional(string)
}))
encryption_domain_config = optional(object({
cpe_traffic_selector = optional(string),
oracle_traffic_selector = optional(string)
}))
shared_secret = optional(string),
ike_version = optional(string)
})),
tunnel_2 = optional(object({
routing = string,
bgp_session_info = optional(object({
customer_bgp_asn = optional(string),
customer_interface_ip = optional(string),
oracle_interface_ip = optional(string)
}))
encryption_domain_config = optional(object({
cpe_traffic_selector = optional(string),
oracle_traffic_selector = optional(string)
}))
shared_secret = optional(string),
ike_version = optional(string)
}))
}))
})))
fast_connect_virtual_circuits = optional(map(object({
#Required
compartment_id = optional(string),
provision_fc_virtual_circuit = bool,
show_available_fc_virtual_circuit_providers = bool,
type = string,
#Optional
bandwidth_shape_name = optional(string),
bgp_admin_state = optional(string),
cross_connect_mappings = optional(map(object({
#Optional
bgp_md5auth_key = optional(string)
cross_connect_or_cross_connect_group_id = optional(string)
cross_connect_or_cross_connect_group_key = optional(string)
customer_bgp_peering_ip = optional(string)
customer_bgp_peering_ipv6 = optional(string)
oracle_bgp_peering_ip = optional(string)
oracle_bgp_peering_ipv6 = optional(string)
vlan = optional(string)
})))
customer_asn = optional(string)
defined_tags = optional(map(string))
display_name = optional(string)
freeform_tags = optional(map(string))
ip_mtu = optional(number)
is_bfd_enabled = optional(bool)
gateway_id = optional(string)
gateway_key = optional(string)
provider_service_id = optional(string)
provider_service_key = optional(string)
provider_service_key_name = optional(string)
public_prefixes = optional(map(object({
#Required
cidr_block = string,
})))
region = optional(string)
routing_policy = optional(list(string))
})))
cross_connect_groups = optional(map(object({
compartment_id = optional(string),
customer_reference_name = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
cross_connects = optional(map(object({
compartment_id = optional(string),
location_name = string,
port_speed_shape_name = string,
customer_reference_name = optional(string),
defined_tags = optional(map(string))
display_name = optional(string),
far_cross_connect_or_cross_connect_group_id = optional(string),
far_cross_connect_or_cross_connect_group_key = optional(string),
freeform_tags = optional(map(string))
near_cross_connect_or_cross_connect_group_id = optional(string),
near_cross_connect_or_cross_connect_group_key = optional(string),
})))
})))
inject_into_existing_drgs = optional(map(object({
drg_id = string,
remote_peering_connections = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
peer_region_name = optional(string)
})))
drg_attachments = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
drg_route_table_id = optional(string),
drg_route_table_key = optional(string),
network_details = optional(object({
attached_resource_id = optional(string),
attached_resource_key = optional(string),
type = string,
route_table_id = optional(string),
route_table_key = optional(string),
vcn_route_type = optional(string)
}))
})))
drg_route_tables = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
import_drg_route_distribution_id = optional(string),
import_drg_route_distribution_key = optional(string),
is_ecmp_enabled = optional(bool),
route_rules = optional(map(object({
destination = string,
destination_type = string,
next_hop_drg_attachment_id = optional(string),
next_hop_drg_attachment_key = optional(string),
})))
})))
drg_route_distributions = optional(map(object({
distribution_type = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string))
statements = optional(map(object({
action = string,
match_criteria = optional(object({
match_type = string,
attachment_type = optional(string),
drg_attachment_id = optional(string),
drg_attachment_key = optional(string)
}))
priority = number
})))
})))
})))
network_firewalls_configuration = optional(object({
network_firewalls = optional(map(object({
availability_domain = optional(number),
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
ipv4address = optional(string),
ipv6address = optional(string),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
subnet_id = optional(string),
subnet_key = optional(string),
network_firewall_policy_id = optional(string),
network_firewall_policy_key = optional(string)
}))),
network_firewall_policies = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
application_lists = optional(map(object({
application_list_name = string,
application_values = map(object({
type = string,
icmp_type = optional(string),
icmp_code = optional(string),
minimum_port = optional(number),
maximum_port = optional(number)
}))
})))
decryption_profiles = optional(map(object({
is_out_of_capacity_blocked = bool,
is_unsupported_cipher_blocked = bool,
is_unsupported_version_blocked = bool,
type = string,
key = string,
are_certificate_extensions_restricted = optional(bool),
is_auto_include_alt_name = optional(bool),
is_expired_certificate_blocked = optional(bool),
is_revocation_status_timeout_blocked = optional(bool),
is_unknown_revocation_status_blocked = optional(bool),
is_untrusted_issuer_blocked = optional(bool)
})))
decryption_rules = optional(map(object({
action = string,
name = string,
decryption_profile = optional(string),
secret = optional(string),
conditions = map(object({
destinations = optional(list(string)),
sources = optional(list(string))
}))
})))
ip_address_lists = optional(map(object({
ip_address_list_name = string,
ip_address_list_value = list(string)
})))
mapped_secrets = optional(map(object({
key = optional(string),
type = string,
vault_secret_id = string,
version_number = string,
})))
security_rules = optional(map(object({
action = string,
inspection = optional(string),
name = string
conditions = map(object({
applications = optional(list(string)),
destinations = optional(list(string)),
sources = optional(list(string)),
urls = optional(list(string))
}))
})))
url_lists = optional(map(object({
url_list_name = string,
url_list_values = map(object({
type = string,
pattern = string
}))
})))
})))
}))
l7_load_balancers = optional(map(object({
compartment_id = optional(string),
display_name = string,
shape = string,
subnet_ids = list(string),
subnet_keys = list(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ip_mode = optional(string),
is_private = optional(bool),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
reserved_ips_ids = optional(list(string)),
reserved_ips_keys = optional(list(string))
shape_details = optional(object({
maximum_bandwidth_in_mbps = number,
minimum_bandwidth_in_mbps = number
}))
backend_sets = optional(map(object({
health_checker = object({
protocol = string,
interval_ms = number,
is_force_plain_text = bool,
port = number,
response_body_regex = optional(string),
retries = number,
return_code = number,
timeout_in_millis = number,
url_path = optional(string)
})
name = string,
policy = string,
lb_cookie_session_persistence_configuration = optional(object({
cookie_name = optional(string),
disable_fallback = optional(bool),
domain = optional(string),
is_http_only = optional(bool),
is_secure = optional(bool),
max_age_in_seconds = optional(number),
path = optional(string),
}))
session_persistence_configuration = optional(object({
cookie_name = string,
disable_fallback = optional(bool)
}))
ssl_configuration = optional(object({
certificate_ids = optional(list(string)),
certificate_keys = optional(list(string)),
certificate_name = optional(string),
cipher_suite_name = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
trusted_certificate_authority_keys = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool),
}))
backends = optional(map(object({
ip_address = string,
port = number,
backup = optional(bool),
drain = optional(bool),
offline = optional(bool),
weight = optional(number)
})))
})))
cipher_suites = optional(map(object({
ciphers = list(string),
name = string
})))
path_route_sets = optional(map(object({
name = string,
path_routes = map(object({
backend_set_key = string,
path = string,
path_match_type = object({
match_type = string
})
}))
})))
host_names = optional(map(object({
hostname = string,
name = string
})))
routing_policies = optional(map(object({
condition_language_version = string,
name = string,
rules = map(object({
actions = map(object({
backend_set_key = string,
name = string,
}))
condition = string,
name = string
}))
})))
rule_sets = optional(map(object({
name = string,
items = map(object({
action = string,
allowed_methods = optional(list(string)),
are_invalid_characters_allowed = optional(bool),
conditions = optional(map(object({
attribute_name = string,
attribute_value = string,
operator = optional(string)
})))
description = optional(string),
header = optional(string),
http_large_header_size_in_kb = optional(number),
prefix = optional(string),
redirect_uri = optional(object({
host = optional(string, )
path = optional(string),
port = optional(number),
protocol = optional(string),
query = optional(string)
}))
response_code = optional(number)
status_code = optional(number),
suffix = optional(string),
value = optional(string)
}))
})))
certificates = optional(map(object({
#Required
certificate_name = string,
#Optional
ca_certificate = optional(string),
passphrase = optional(string),
private_key = optional(string),
public_certificate = optional(string)
})))
listeners = optional(map(object({
default_backend_set_key = string,
name = string,
port = string,
protocol = string,
connection_configuration = optional(object({
idle_timeout_in_seconds = number,
backend_tcp_proxy_protocol_version = optional(string)
}))
hostname_keys = optional(list(string)),
path_route_set_key = optional(string),
routing_policy_key = optional(string),
rule_set_keys = optional(list(string)),
ssl_configuration = optional(object({
certificate_key = optional(string),
certificate_ids = optional(list(string)),
cipher_suite_key = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool)
}))
})))
})))
}))
}
)))
})
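Review bot: The IPsec, FastConnect and load-balancer certificate parts of this network_configuration type carry secret material as plain optional(string) attributes (tunnels_management.tunnel_1/tunnel_2.shared_secret, cross_connect_mappings.bgp_md5auth_key, certificates.private_key and certificates.passphrase) next to ordinary settings, and Terraform can only mark a whole variable as sensitive, so either the variable is declared sensitive (which redacts every networking diff in plan output) or these values appear in plan output, and in any case in the state file, in clear text; the type should either take a vault secret reference the way network_firewall_policies.mapped_secrets.vault_secret_id already does, or the documentation should state where these values end up. Separately, route_tables.route_rules declares description = optional(string) twice; drop the second copy so the object matches default_route_table.route_rules, which declares it once. Also, rule_sets.items.redirect_uri.host is written as optional(string, ); whether or not the parser tolerates the trailing comma, it reads like a dropped default, and on Terraform releases before 1.3 optional() takes a single argument, so write it as optional(string).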
object({| n/a | yes | +| [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type. |
dependencies = optional(object({
subnets = optional(map(object({
availability_domain = string,
cidr_block = string,
compartment_id = string,
defined_tags = map(string),
dhcp_options_id = string,
dhcp_options_key = string,
dhcp_options_name = string,
display_name = string,
dns_label = string,
freeform_tags = map(string),
id = string,
ipv6cidr_block = bool,
ipv6cidr_blocks = list(string),
ipv6virtual_router_ip = string,
prohibit_internet_ingress = string,
prohibit_public_ip_on_vnic = string,
route_table_id = string,
route_table_key = string,
route_table_name = string,
security_lists = map(object({})),
state = string,
subnet_domain_name = string,
time_created = string,
timeouts = object({}),
vcn_id = string,
vcn_key = string,
vcn_name = string,
network_configuration_category = string,
virtual_router_ip = string,
virtual_router_mac = string,
subnet_key = string
}))),
public_ips = optional(map(object({
assigned_entity_id = string,
assigned_entity_type = string,
availability_domain = string,
compartment_id = string,
defined_tags = map(string),
display_name = string,
freeform_tags = map(string),
id = string,
ip_address = string
lifetime = string,
private_ip_id = string,
public_ip_pool_id = string,
public_ip_pool_key = string,
scope = string,
state = string,
time_created = string,
pubips_key = string,
network_configuration_category = string
})))
network_security_groups = optional(map(object({
compartment_id = string,
defined_tags = map(string),
display_name = string,
freeform_tags = map(string),
id = string,
nsg_key = string,
state = string,
time_created = string,
timeouts = object({}),
vcn_id = string,
vcn_key = string,
vcn_name = string,
network_configuration_category = string
}))),
})),
l7_load_balancers = map(object({
compartment_id = optional(string),
display_name = string,
shape = string,
subnet_ids = list(string),
subnet_keys = list(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ip_mode = optional(string),
is_private = optional(bool),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
reserved_ips_ids = optional(list(string)),
reserved_ips_keys = optional(list(string)),
network_configuration_category = string,
shape_details = optional(object({
maximum_bandwidth_in_mbps = number,
minimum_bandwidth_in_mbps = number
}))
backend_sets = optional(map(object({
health_checker = object({
protocol = string,
interval_ms = number,
is_force_plain_text = bool,
port = number,
response_body_regex = optional(string),
retries = number,
return_code = number,
timeout_in_millis = number,
url_path = optional(string)
})
name = string,
policy = string,
lb_cookie_session_persistence_configuration = optional(object({
cookie_name = optional(string),
disable_fallback = optional(bool),
domain = optional(string),
is_http_only = optional(bool),
is_secure = optional(bool),
max_age_in_seconds = optional(number),
path = optional(string),
}))
session_persistence_configuration = optional(object({
cookie_name = string,
disable_fallback = optional(bool)
}))
ssl_configuration = optional(object({
certificate_ids = optional(list(string)),
certificate_keys = optional(list(string)),
certificate_name = optional(string),
cipher_suite_name = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
trusted_certificate_authority_keys = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool),
}))
backends = optional(map(object({
ip_address = string,
port = number,
backup = optional(bool),
drain = optional(bool),
offline = optional(bool),
weight = optional(number)
})))
})))
cipher_suites = optional(map(object({
ciphers = list(string),
name = string
})))
path_route_sets = optional(map(object({
name = string,
path_routes = map(object({
backend_set_key = string,
path = string,
path_match_type = object({
match_type = string
})
}))
})))
host_names = optional(map(object({
hostname = string,
name = string
})))
routing_policies = optional(map(object({
condition_language_version = string,
name = string,
rules = map(object({
actions = map(object({
backend_set_key = string,
name = string,
}))
condition = string,
name = string
}))
})))
rule_sets = optional(map(object({
name = string,
items = map(object({
action = string,
allowed_methods = optional(list(string)),
are_invalid_characters_allowed = optional(bool),
conditions = optional(map(object({
attribute_name = string,
attribute_value = string,
operator = optional(string)
})))
description = optional(string),
header = optional(string),
http_large_header_size_in_kb = optional(number),
prefix = optional(string),
redirect_uri = optional(object({
host = optional(string, )
path = optional(string),
port = optional(number),
protocol = optional(string),
query = optional(string)
}))
response_code = optional(number)
status_code = optional(number),
suffix = optional(string),
value = optional(string)
}))
})))
certificates = optional(map(object({
#Required
certificate_name = string,
#Optional
ca_certificate = optional(string),
passphrase = optional(string),
private_key = optional(string),
public_certificate = optional(string)
})))
listeners = optional(map(object({
default_backend_set_key = string,
name = string,
port = string,
protocol = string,
connection_configuration = optional(object({
idle_timeout_in_seconds = number,
backend_tcp_proxy_protocol_version = optional(string)
}))
hostname_keys = optional(list(string)),
path_route_set_key = optional(string),
routing_policy_key = optional(string),
rule_set_keys = optional(list(string)),
ssl_configuration = optional(object({
certificate_key = optional(string),
certificate_ids = optional(list(string)),
cipher_suite_key = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool)
}))
})))
}))
})
map(object({| `null` | no | +| [l7\_load\_balancers\_configuration](#input\_l7\_load\_balancers\_configuration) | n/a |
id = string # the compartment OCID
}))
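Review bot: In the l7_load_balancers_configuration type above, dependencies.subnets declares ipv6cidr_block = bool, while the nlb SPEC further down declares the same attribute as string, which is what a subnet's IPv6 CIDR is; with bool, a subnet map taken from the networking module passes only while ipv6cidr_block is null, and the first subnet that actually has an IPv6 CIDR fails type conversion at plan time (only the strings "true" and "false" convert to bool), so change it to ipv6cidr_block = string. Two smaller consistency points in the same type: prohibit_internet_ingress and prohibit_public_ip_on_vnic are booleans upstream but typed string here (the conversion succeeds, but the type documents the wrong thing), and listeners.port is string while backends.port is number.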
object({| n/a | yes | +| [module\_name](#input\_module\_name) | The module name. | `string` | `"networking-l7-load-balancers"` | no | ## Outputs diff --git a/modules/l7_load_balancers/variables.tf b/modules/l7_load_balancers/variables.tf index 39cd4a6..257b25d 100644 --- a/modules/l7_load_balancers/variables.tf +++ b/modules/l7_load_balancers/variables.tf @@ -250,6 +250,8 @@ variable module_name { variable compartments_dependency { description = "A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type." - type = map(any) + type = map(object({ + id = string # the compartment OCID + })) default = null } \ No newline at end of file diff --git a/modules/nlb/SPEC.md b/modules/nlb/SPEC.md new file mode 100644 index 0000000..247736f --- /dev/null +++ b/modules/nlb/SPEC.md 
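Review bot: In the variables.tf hunk, narrowing compartments_dependency from map(any) to map(object({ id = string })) is the right fix, since a map whose objects lack id now fails with a type error at plan time instead of in a later lookup, but the description should be updated with it: Terraform discards attributes that are not part of the object type during conversion, so the full output of the Compartments module can be passed unchanged, and the "All map objects must have the same type" requirement that the SPEC.md row still states is no longer needed once every object is converted to { id }.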
@@ -0,0 +1,46 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | < 1.3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [oci](#provider\_oci) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [oci_network_load_balancer_backend.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_load_balancer_backend) | resource | +| [oci_network_load_balancer_backend_set.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_load_balancer_backend_set) | resource | +| [oci_network_load_balancer_listener.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_load_balancer_listener) | resource | +| [oci_network_load_balancer_network_load_balancer.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_load_balancer_network_load_balancer) | resource | +| [oci_core_private_ips.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_private_ips) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type. |
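Review bot: In the new modules/nlb/SPEC.md, the Requirements table pins terraform to < 1.3.0 with no lower bound, which rules out every Terraform release from 1.3 on while saying nothing about the oldest version that works; the optional() attributes used throughout the inputs need at least Terraform 0.14 with the module_variable_optional_attrs experiment, which 1.3 concluded when optional() became generally available, so the constraint should read >= 0.14, < 1.3.0 and the SPEC (or the module README) should say that the upper bound exists because of that experiment and what the migration plan is. The Providers table likewise lists oci with version n/a; a module that creates oci_network_load_balancer_* resources should declare the minimum provider version it was tested with.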
dependencies = optional(object({
subnets = optional(map(object({
availability_domain = string,
cidr_block = string,
compartment_id = string,
defined_tags = map(string),
dhcp_options_id = string,
dhcp_options_key = string,
dhcp_options_name = string,
display_name = string,
dns_label = string,
freeform_tags = map(string),
id = string,
ipv6cidr_block = string,
ipv6cidr_blocks = list(string),
ipv6virtual_router_ip = string,
prohibit_internet_ingress = string,
prohibit_public_ip_on_vnic = string,
route_table_id = string,
route_table_key = string,
route_table_name = string,
security_lists = map(object({})),
state = string,
subnet_domain_name = string,
time_created = string,
timeouts = object({}),
vcn_id = string,
vcn_key = string,
vcn_name = string,
network_configuration_category = string,
virtual_router_ip = string,
virtual_router_mac = string,
subnet_key = string
}))),
public_ips = optional(map(object({
assigned_entity_id = string,
assigned_entity_type = string,
availability_domain = string,
compartment_id = string,
defined_tags = map(string),
display_name = string,
freeform_tags = map(string),
id = string,
ip_address = string
lifetime = string,
private_ip_id = string,
public_ip_pool_id = string,
public_ip_pool_key = string,
scope = string,
state = string,
time_created = string,
pubips_key = string,
network_configuration_category = string
})))
network_security_groups = optional(map(object({
compartment_id = string,
defined_tags = map(string),
display_name = string,
freeform_tags = map(string),
id = string,
nsg_key = string,
state = string,
time_created = string,
timeouts = object({}),
vcn_id = string,
vcn_key = string,
vcn_name = string,
network_configuration_category = string
}))),
})),
l7_load_balancers = map(object({
compartment_id = optional(string),
display_name = string,
shape = string,
subnet_ids = list(string),
subnet_keys = list(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ip_mode = optional(string),
is_private = optional(bool),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
reserved_ips_ids = optional(list(string)),
reserved_ips_keys = optional(list(string)),
network_configuration_category = string,
shape_details = optional(object({
maximum_bandwidth_in_mbps = number,
minimum_bandwidth_in_mbps = number
}))
backend_sets = optional(map(object({
health_checker = object({
protocol = string,
interval_ms = number,
is_force_plain_text = bool,
port = number,
response_body_regex = optional(string),
retries = number,
return_code = number,
timeout_in_millis = number,
url_path = optional(string)
})
name = string,
policy = string,
lb_cookie_session_persistence_configuration = optional(object({
cookie_name = optional(string),
disable_fallback = optional(bool),
domain = optional(string),
is_http_only = optional(bool),
is_secure = optional(bool),
max_age_in_seconds = optional(number),
path = optional(string),
}))
session_persistence_configuration = optional(object({
cookie_name = string,
disable_fallback = optional(bool)
}))
ssl_configuration = optional(object({
certificate_ids = optional(list(string)),
certificate_keys = optional(list(string)),
certificate_name = optional(string),
cipher_suite_name = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
trusted_certificate_authority_keys = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool),
}))
backends = optional(map(object({
ip_address = string,
port = number,
backup = optional(bool),
drain = optional(bool),
offline = optional(bool),
weight = optional(number)
})))
})))
cipher_suites = optional(map(object({
ciphers = list(string),
name = string
})))
path_route_sets = optional(map(object({
name = string,
path_routes = map(object({
backend_set_key = string,
path = string,
path_match_type = object({
match_type = string
})
}))
})))
host_names = optional(map(object({
hostname = string,
name = string
})))
routing_policies = optional(map(object({
condition_language_version = string,
name = string,
rules = map(object({
actions = map(object({
backend_set_key = string,
name = string,
}))
condition = string,
name = string
}))
})))
rule_sets = optional(map(object({
name = string,
items = map(object({
action = string,
allowed_methods = optional(list(string)),
are_invalid_characters_allowed = optional(bool),
conditions = optional(map(object({
attribute_name = string,
attribute_value = string,
operator = optional(string)
})))
description = optional(string),
header = optional(string),
http_large_header_size_in_kb = optional(number),
prefix = optional(string),
redirect_uri = optional(object({
host = optional(string, )
path = optional(string),
port = optional(number),
protocol = optional(string),
query = optional(string)
}))
response_code = optional(number)
status_code = optional(number),
suffix = optional(string),
value = optional(string)
}))
})))
certificates = optional(map(object({
#Required
certificate_name = string,
#Optional
ca_certificate = optional(string),
passphrase = optional(string),
private_key = optional(string),
public_certificate = optional(string)
})))
listeners = optional(map(object({
default_backend_set_key = string,
name = string,
port = string,
protocol = string,
connection_configuration = optional(object({
idle_timeout_in_seconds = number,
backend_tcp_proxy_protocol_version = optional(string)
}))
hostname_keys = optional(list(string)),
path_route_set_key = optional(string),
routing_policy_key = optional(string),
rule_set_keys = optional(list(string)),
ssl_configuration = optional(object({
certificate_key = optional(string),
certificate_ids = optional(list(string)),
cipher_suite_key = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool)
}))
})))
}))
})
map(object({| `null` | no | +| [enable\_output](#input\_enable\_output) | Whether Terraform should enable the module output. | `bool` | `true` | no | +| [instances\_dependency](#input\_instances\_dependency) | A map of objects containing the externally managed Compute instances this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the instance OCID) of string type. |
id = string # the compartment OCID
}))
map(object({| `null` | no | +| [module\_name](#input\_module\_name) | The module name. | `string` | `"network-load-balancer"` | no | +| [network\_dependency](#input\_network\_dependency) | An object containing the externally managed network resources this module may depend on. Supported resources are 'subnets' and 'network\_security\_groups', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the subnet OCID or network security group OCID. |
id = string # the instance OCID
private_ip = optional(string) # the instance or VNIC private IP address
}))
object({| `null` | no | +| [nlb\_configuration](#input\_nlb\_configuration) | n/a |
subnets = optional(map(object({
id = string # the subnet OCID
})))
network_security_groups = optional(map(object({
id = string # the network security group OCID
})))
})
object({| n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [nlb\_backend\_sets](#output\_nlb\_backend\_sets) | The NLB backend sets. | +| [nlb\_backends](#output\_nlb\_backends) | The NLB backends. | +| [nlb\_listeners](#output\_nlb\_listeners) | The NLB listeners. | +| [nlbs](#output\_nlbs) | The Network Load Balancers (NLBs). | +| [nlbs\_private\_ips](#output\_nlbs\_private\_ips) | The NLBs private IP addresses. | diff --git a/modules/nlb/examples/vision/outputs.tf b/modules/nlb/examples/vision/outputs.tf index 845a864..f47b19f 100644 --- a/modules/nlb/examples/vision/outputs.tf +++ b/modules/nlb/examples/vision/outputs.tf @@ -6,3 +6,8 @@ output "nlbs" { description = "The NLBs" value = module.vision_nlbs.nlbs } + +output "nlbs_private_ips" { + description = "The NLBs private IP addresses." + value = module.vision_nlbs.nlbs_private_ips +} diff --git a/modules/nlb/main.tf b/modules/nlb/main.tf index 1b89a46..d260716 100644 --- a/modules/nlb/main.tf +++ b/modules/nlb/main.tf @@ -137,3 +137,8 @@ resource "oci_network_load_balancer_backend" "these" { target_id = each.value.target_id != null ? (length(regexall("^ocid1.*$", each.value.target_id)) > 0 ? each.value.target_id : var.instances_dependency[each.value.target_id].id) : null } +data "oci_core_private_ips" "these" { + for_each = oci_network_load_balancer_network_load_balancer.these + ip_address = each.value.is_private == true ? [for a in each.value.ip_addresses: a.ip_address if a.is_public == false][0] : "0.0.0.0/0" + subnet_id = each.value.subnet_id +} diff --git a/modules/nlb/outputs.tf b/modules/nlb/outputs.tf index 4d9470a..ca6f9d8 100644 --- a/modules/nlb/outputs.tf +++ b/modules/nlb/outputs.tf @@ -20,3 +20,8 @@ output "nlb_backends" { description = "The NLB backends." value = var.enable_output ? oci_network_load_balancer_backend.these : null } + +output "nlbs_private_ips" { + description = "The NLBs private IP addresses." + value = data.oci_core_private_ips.these +} 
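Review bot: the Requirements table pins `terraform` to `< 1.3.0` while every structured type in the Inputs table relies on `optional(...)` attributes; before 1.3.0 those only work with `experiments = [module_variable_optional_attrs]` declared in the module, so either state that experiment requirement next to the version constraint or revisit the constraint. Also `nlb_configuration`, the one required input, has its Description as `n/a`; give it a real description (what the object represents and where each key is documented), since it is the input callers actually have to build.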
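Review bot: in the new `data "oci_core_private_ips" "these"` block of `modules/nlb/main.tf`, the `ip_address` filter falls back to `"0.0.0.0/0"` for NLBs that are not private; that is a CIDR, not an address, so the lookup for public NLBs is a wasted API call that returns no match (or fails validation), and `[for a in each.value.ip_addresses: a.ip_address if a.is_public == false][0]` raises an invalid-index error for any NLB whose `ip_addresses` carries no private entry. Restrict the data source to the NLBs it is meant for instead of using a sentinel, e.g. `for_each = { for k, v in oci_network_load_balancer_network_load_balancer.these : k => v if v.is_private }`, and guard the list index with `try(..., null)` if an empty list is a legitimate state.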
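Review bot: `output "nlbs_private_ips"` in `modules/nlb/outputs.tf` ignores `var.enable_output`, unlike `nlb_backends` directly above it (`value = var.enable_output ? oci_network_load_balancer_backend.these : null`); make it `value = var.enable_output ? data.oci_core_private_ips.these : null` so the flag suppresses all module output consistently. The example in `modules/nlb/examples/vision/outputs.tf` then gets `null` when the flag is off, which is the expected behaviour for the other outputs already exposed there.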
diff --git a/modules/nlb/variables.tf b/modules/nlb/variables.tf index a11a1c6..cd021d0 100644 --- a/modules/nlb/variables.tf +++ b/modules/nlb/variables.tf @@ -70,18 +70,30 @@ variable "module_name" { variable compartments_dependency { description = "A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the compartment OCID) of string type." - type = map(any) + type = map(object({ + id = string # the compartment OCID + })) default = null } variable network_dependency { - description = "A map of objects containing the externally managed network resources this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the network resource OCID) of string type." - type = map(any) + description = "An object containing the externally managed network resources this module may depend on. Supported resources are 'subnets' and 'network_security_groups', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the subnet OCID or network security group OCID." + type = object({ + subnets = optional(map(object({ + id = string # the subnet OCID + }))) + network_security_groups = optional(map(object({ + id = string # the network security group OCID + }))) + }) default = null } variable instances_dependency { description = "A map of objects containing the externally managed Compute instances this module may depend on. All map objects must have the same type and must contain at least an 'id' attribute (representing the instance OCID) of string type." - type = map(any) + type = map(object({ + id = string # the instance OCID + private_ip = optional(string) # the instance or VNIC private IP address + })) default = null } \ No newline at end of file diff --git a/release.txt b/release.txt index e0ea44c..bf21f52 100644 --- a/release.txt 
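Review bot: changing `network_dependency` from `type = map(any)` to a structured `object({ subnets = ..., network_security_groups = ... })` is a breaking change for any caller still passing the previous flat map (Terraform rejects the value at plan time rather than coercing it), so it belongs in the release notes. `instances_dependency` gains `private_ip = optional(string)`, but the only consumer visible in this patch, the `target_id` expression in `modules/nlb/main.tf`, reads `.id` only; document or show where `private_ip` is consumed, otherwise it is schema without a reader. Also restore the trailing newline on `modules/nlb/variables.tf` (`\ No newline at end of file`).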
+++ b/release.txt @@ -1 +1 @@ -0.6.5 \ No newline at end of file +0.6.6 \ No newline at end of file diff --git a/remote_peering_connections.tf b/remote_peering_connections.tf index 8ea8045..41c9937 100644 --- a/remote_peering_connections.tf +++ b/remote_peering_connections.tf 
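Review bot: `0.6.5` to `0.6.6` is a patch bump, but this change alters the shape of the nlb module's `network_dependency` input from `map(any)` to an object keyed by `subnets` and `network_security_groups`, and drops `peer_key` and `peer_name` from the RPC locals; either can break existing callers, so a minor bump, or at least a release note listing the changed inputs and removed attributes, is warranted.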
@@ -80,8 +80,8 @@ locals { id = rpc_value.id is_cross_tenancy_peering = rpc_value.is_cross_tenancy_peering peer_id = rpc_value.peer_id - peer_key = can([for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_key2 if rpc_value2.id == rpc_value.peer_id][0]) ? [for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_key2 if rpc_value2.id == rpc_value.peer_id][0] : "NOT PEERED OR PARTNER RPC CREATED OUTSIDE THIS AUTOMATION" - peer_name = can([for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_value2.display_name if rpc_value2.id == rpc_value.peer_id][0]) ? [for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_key2 if rpc_value2.id == rpc_value.peer_id][0] : "NOT PEERED OR PARTNER RPC CREATED OUTSIDE THIS AUTOMATION" + #peer_key = can([for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_key2 if rpc_value2.id == rpc_value.peer_id][0]) ? 
[for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_key2 if rpc_value2.id == rpc_value.peer_id][0] : "NOT PEERED OR PARTNER RPC CREATED OUTSIDE THIS AUTOMATION" + #peer_name = can([for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_value2.display_name if rpc_value2.id == rpc_value.peer_id][0]) ? [for rpc_key2, rpc_value2 in merge(oci_core_remote_peering_connection.oci_requestor_remote_peering_connections, oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections) : rpc_key2 if rpc_value2.id == rpc_value.peer_id][0] : "NOT PEERED OR PARTNER RPC CREATED OUTSIDE THIS AUTOMATION" peer_region_name = rpc_value.peer_region_name peer_tenancy_id = rpc_value.peer_tenancy_id peering_status = rpc_value.peering_status 
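Review bot: in the `locals` hunk, `peer_key` and `peer_name` are commented out instead of deleted, which leaves two very long dead lines in the file and silently removes both attributes from the RPC local object that downstream outputs may read; delete them outright (git keeps the history) and list the removed attributes in the release notes. If they are ever restored, note that the original `peer_name` expression has a copy-paste bug: its `can(...)` guard evaluates `rpc_value2.display_name`, but the true branch still returns `rpc_key2`, so `peer_name` was always equal to `peer_key`.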
@@ -122,10 +122,7 @@ resource "oci_core_remote_peering_connection" "oci_requestor_remote_peering_conn display_name = each.value.display_name freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags) - peer_region_name = each.value.peer_region_name + peer_region_name = contains(keys(try(var.network_dependency["remote_peering_connections"],{})),each.value.peer_key) ? var.network_dependency["remote_peering_connections"][each.value.peer_key].region_name : each.value.peer_region_name - peer_id = each.value.peer_id != null ? each.value.peer_id : each.value.peer_key != null ? merge( - oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections, - var.network_dependency - )[each.value.peer_key].id : null + peer_id = each.value.peer_id != null ? each.value.peer_id : (each.value.peer_key != null ? merge(oci_core_remote_peering_connection.oci_acceptor_remote_peering_connections, try(var.network_dependency["remote_peering_connections"],{}))[each.value.peer_key].id : null) } \ No newline at end of file diff --git a/route_tables.tf b/route_tables.tf index 0cb4223..46803e2 100644 --- a/route_tables.tf +++ b/route_tables.tf @@ -130,7 +130,9 @@ locals { local.provisioned_nat_gateways, local.provisioned_service_gateways, local.provisioned_dynamic_gateways, - local.provisioned_local_peering_gateways + local.provisioned_local_peering_gateways, + coalesce(var.private_ips_dependency,{}), + coalesce(try(var.network_dependency["dynamic_routing_gateways"],null),{}) ) // Process the input for the route tables defined as part of the newly defined VCNs. 
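Review bot: `try(var.network_dependency["remote_peering_connections"], {})` in the new `peer_region_name` and `peer_id` expressions only falls back to `{}` when the index raises an error, i.e. when `var.network_dependency` itself is `null`; when the object is set but `remote_peering_connections` is omitted, the index yields `null`, `try` returns that `null`, and `keys(null)` fails the plan. Use the null-safe form that the `route_tables.tf` hunk in this same change already uses, `coalesce(try(var.network_dependency["remote_peering_connections"],null),{})`, in both expressions. One more thing to state in the variable description: when `peer_key` matches a dependency entry, its `region_name` now overrides `each.value.peer_region_name` even if the caller set that field explicitly.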
@@ -244,7 +246,8 @@ locals { // defining all posible route rules targets for IGW specific route tables // MARKING an external dependency on subnets and IP addresses for searching for private IP OCID for Private IP targets - route_rules_targets_for_IGW_NATGW_specific_RTs = {} + #route_rules_targets_for_IGW_NATGW_specific_RTs = {} + route_rules_targets_for_IGW_NATGW_specific_RTs = merge(coalesce(var.private_ips_dependency,{}),coalesce(try(var.network_dependency["dynamic_routing_gateways"],null),{})) // Search for all the route tables that have route rules that satisfy ANY of the criterias for being attached to a IGW/NAT-GW considering their route rules target igw_natgw_attachable_specific_route_tables = local.merged_one_dimension_processed_route_tables != null ? length(local.merged_one_dimension_processed_route_tables) > 0 ? { @@ -287,7 +290,8 @@ locals { ] // defining all posible route rules targets for SGW specific route tables - route_rules_targets_for_SGW_specific_RTs = local.provisioned_dynamic_gateways + #route_rules_targets_for_SGW_specific_RTs = merge(local.provisioned_dynamic_gateways) + route_rules_targets_for_SGW_specific_RTs = merge(local.provisioned_dynamic_gateways,var.private_ips_dependency) // Search for all the sgw specific route tables that have route rules that satisfy: // 1. CONDITION 1 
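Review bot: `route_rules_targets_for_SGW_specific_RTs = merge(local.provisioned_dynamic_gateways,var.private_ips_dependency)` passes `var.private_ips_dependency` raw, while the IGW/NAT-GW line in the hunk above wraps the same variable in `coalesce(var.private_ips_dependency,{})`; the variable defaults to `null`, so use the guarded form in both places rather than relying on `merge()` tolerating a null argument. In the IGW/NAT-GW targets, externally managed DRGs (`network_dependency["dynamic_routing_gateways"]`) become valid route targets but DRGs provisioned by this module (`local.provisioned_dynamic_gateways`) do not; if DRG targets are legitimate for IGW/NAT-GW route tables, both sources should be included, otherwise the comment should explain the asymmetry. Please also delete the superseded assignments instead of leaving `#route_rules_targets_for_...` lines beside the new ones.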
@@ -341,7 +345,8 @@ locals { //------------------------------- LPG Attachment ALGORITHM LOCALS ELEMENTS ----------------------------------------- // defining all posible route rules targets for LPG specific route tables - route_rules_targets_for_LPG_specific_RTs = local.provisioned_service_gateways + #route_rules_targets_for_LPG_specific_RTs = local.provisioned_service_gateways + route_rules_targets_for_LPG_specific_RTs = merge(local.provisioned_service_gateways, var.private_ips_dependency) // Define what are the route rules possible targets, inside a route table, that will allow for the row table to be attached to a LPG - the configuration that covers ALL the possible options for LPG - route rules to all the possible targets @@ -409,9 +414,14 @@ locals { //------------------------------- DRG Attachment ALGORITHM LOCALS ELEMENTS ----------------------------------------- // defining all posible route rules targets for DRGA specific route tables - route_rules_targets_for_DRGA_specific_RTs = merge( + # route_rules_targets_for_DRGA_specific_RTs = merge( + # local.provisioned_local_peering_gateways, + # local.provisioned_service_gateways + # ) + route_rules_targets_for_DRGA_specific_RTs = merge( local.provisioned_local_peering_gateways, - local.provisioned_service_gateways + local.provisioned_service_gateways, + var.private_ips_dependency ) // Define what are the route rules possible targets, inside a route table, that will allow for the row table to be attached to a DRG Attachment - the configuration that covers ALL the possible options for DRG Attachment - route rules to all the possible targets diff --git a/variables.tf b/variables.tf index c678f50..884d65b 100644 --- a/variables.tf +++ b/variables.tf 
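Review bot: the LPG and DRG-attachment target maps have the same unguarded `var.private_ips_dependency` argument, in `merge(local.provisioned_service_gateways, var.private_ips_dependency)` and in the three-argument `merge(...)` for `route_rules_targets_for_DRGA_specific_RTs`; wrap it in `coalesce(..., {})` so all four target maps handle the `null` default the same way. The commented-out `# route_rules_targets_for_DRGA_specific_RTs = merge(` block and the `#route_rules_targets_for_LPG_specific_RTs` line should be removed rather than kept as comments.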
@@ -1038,7 +1038,7 @@ variable "compartments_dependency" { } variable "network_dependency" { - description = "An object containing the externally managed network resources this module may depend on. It must define at least one of two maps of objects, with their keys equal to 'vcns' and 'dynamic_routing_gateways'. Each of these maps must have one object with the 'id' attribute of string type set with the VCN or DRG OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details." + description = "An object containing the externally managed network resources this module may depend on. Supported resources are 'vcns', 'dynamic_routing_gateways', 'drg_attachments', 'local_peering_gateways', and 'remote_peering_connections', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote_peering_connections' must also pass the peer region name in the region_name attribute. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details." type = object({ vcns = optional(map(object({ id = string # the VCN OCID 
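Review bot: the new `network_dependency` description reads "set with the VCN, DRG OCID, DRG Attachment OCID, ..." (missing "OCID" after VCN) and quotes every attribute name except `region_name`; tidy it to "an 'id' attribute of string type set with the VCN, DRG, DRG attachment, LPG or RPC OCID" and "'remote_peering_connections' entries must also carry the peer region name in a 'region_name' attribute". Since `terraform-docs` copies this text into the README, it is worth getting right here.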
@@ -1046,6 +1046,24 @@ variable "network_dependency" { dynamic_routing_gateways = optional(map(object({ id = string # the DRG OCID }))) + drg_attachments = optional(map(object({ + id = string # the DRG attachment OCID + }))) + local_peering_gateways = optional(map(object({ + id = string # the LPG OCID + }))) + remote_peering_connections = optional(map(object({ + id = string # the peer RPC OCID + region_name = string # the peer RPC region name + }))) }) default = null +} + +variable "private_ips_dependency" { + description = "An object containing the externally managed Private IP resources this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the Private IP OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details." + type = map(object({ + id = string + })) + default = null } \ No newline at end of file
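Review bot: `private_ips_dependency` is declared `type = map(object({ id = string }))` but its description opens with "An object containing..." and then says "All map objects must..."; start it with "A map of objects containing the externally managed Private IP resources..." to match the other dependency variables, and add a comment on `id` (e.g. `# the Private IP OCID`) like the sibling entries. The description also sends readers to the README External Dependencies section, so that section needs a `private_ips_dependency` entry with an example. Finally, restore the trailing newline on `variables.tf` (`\ No newline at end of file`).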
default_compartment_id = optional(string)
default_subnet_id = optional(string)
default_defined_tags = optional(map(string))
default_freeform_tags = optional(map(string))
nlbs = optional(map(object({
compartment_id = optional(string)
display_name = string
is_private = bool # Whether the NLB has a virtual cloud network-local (private) IP address.
subnet_id = optional(string)
network_security_group_ids = optional(list(string))
reserved_ips = optional(list(object({ # List of objects representing a reserved IP address to be attached or that is already attached to a network load balancer.
id = optional(string) # OCID of the reserved public IP address created with the VCN.
})))
skip_source_dest_check = optional(bool)
listeners = map(object({
name = optional(string)
port = number
protocol = string
ip_version = optional(string)
backend_set = object({
name = string
policy = optional(string)
health_checker = object({
protocol = string # The protocol the health check must use. Valid values: "HTTP", "HTTPS", "UDP", "TCP".
interval_in_millis = optional(number) # The interval between health checks, in milliseconds. The default value is 10000 (10 seconds)
port = optional(number) # The backend server port against which to run the health check. If the port is not specified, then the network load balancer uses the port information from the Backend object.
request_data = optional(string) # Base64 encoded pattern to be sent as UDP or TCP health check probe.
response_body_regex = optional(string) # A regular expression for parsing the response body from the backend server. Example: ^((?!false).|\s)*$
response_data = optional(string) # Base64 encoded pattern to be validated as UDP or TCP health check probe response.
retries = optional(number) # The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. The default value is 3.
return_code = optional(number) # The status code a healthy backend server should return. If you configure the health check policy to use the HTTP protocol, then you can use common HTTP status codes such as "200".
timeout_in_millis = optional(number) # The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default value is 3000 (3 seconds)
url_path = optional(string) # The path against which to run the health check. Default is "/" Example: "/healthcheck"
})
ip_version = optional(string)
backends = map(object({
name = string
port = number
weight = optional(number)
ip_address = optional(string)
is_backup = optional(bool)
is_drain = optional(bool)
is_offline = optional(bool)
target_id = optional(string) # The IP OCID/Instance OCID associated with the backend server
}))
})
}))
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
})))
})