Merge pull request #21 from unifio/wc-peer-support

Peering connection support

Author: blakeneyops

CHANGELOG.md

@@ -1,5 +1,17 @@
 ## Unreleased
 
+## 0.2.5 (October 7, 2016)
+
+#### BACKWARDS INCOMPATIBILITIES / NOTES:
+* Unattached VPN gateways created by previous versions of this module will be destroyed and recreated on update due to changes in resource naming.
+* This module has been verified for compatiblity with Terraform 0.7.5.
+
+#### FEATURES:
+* Added support for establishing VPC peering connections.
+
+#### BUG FIXES:
+* Resolved issue where changing the attached status of a VPN gateway would result in the resource being destroyed and recreated.
+
 ## 0.2.4 (June 24, 2016)
 
 #### IMPROVEMENTS:

README.md

@@ -18,68 +18,69 @@ The Base module provisions the VPC, attaches an Internet Gateway, and creates NA
 
 ### Input Variables ###
 
-- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
-- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
-- `vpc_cidr` - The CIDR block you want the VPC to cover. For example: 10.0.0.0/16.
-- `instance_tenacy` - The allowed tenancy of instances launched into the VPC. Defaults to 'default'. Only other option at this time is 'dedicated', which will force any instance launched into the VPC to be dedicated, regardless of the tenancy option specified when the instance is launched.
+- `enable_classiclink` - (Optional) Specifies whether ClassicLink is enabled for the VPC. Defaults to false.
 - `enable_dns` - (Optional) Specifies whether DNS resolution is supported for the VPC. Defaults to true.
 - `enable_hostnames` - (Optional) Specifies whether the instances launched in the VPC get DNS hostnames. Defaults to true.
-- `enable_classiclink` - (Optional) Specifies whether ClassicLink is enabled for the VPC. Defaults to false.
 - `flow_log_traffic_type` - (Optional) The type of traffic to capture. Valid values: ACCEPT,REJECT,ALL.
+- `instance_tenacy` - The allowed tenancy of instances launched into the VPC. Defaults to 'default'. Only other option at this time is 'dedicated', which will force any instance launched into the VPC to be dedicated, regardless of the tenancy option specified when the instance is launched.
 - `rt_vgw_prop` - (Optional) Specifies whether virtual gateway route propagation should be enabled on the routing table(s). Valid values: 0 or 1. Defaults to 0 (disabled).
+- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
+- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
+- `vpc_cidr` - The CIDR block you want the VPC to cover. For example: 10.0.0.0/16.
 - `vgw_ids` - (Optional) A list of virtual gateways to associate with the routing tables for route propagation.
 
-
 ### Usage ###
 
 ```js
 module "vpc_base" {
-  source              = "github.com/unifio/terraform-aws-vpc//base"
-  stack_item_label    = "mystack1"
-  stack_item_fullname = "Stack Item Description"
-  vpc_cidr            = "10.10.0.0/22"
+  source = "github.com/unifio/terraform-aws-vpc?ref=master//base"
+
   enable_dns          = true
   enable_hostnames    = false
+  stack_item_fullname = "Stack Item Description"
+  stack_item_label    = "mystack1"
+  vpc_cidr            = "10.10.0.0/22"
 }
 ```
 
 ### Outputs ###
 
-- `vpc_id` - ID of the VPC.
+- `flow_log_id` - ID of the AWS flow log.
 - `igw_id` - ID of the Internet gateway.
 - `rt_dmz_id` - ID of the DMZ routing table.
-- `flow_log_id` - ID of the AWS flow log.
+- `vpc_id` - ID of the VPC.
 
 ## DHCP module ##
 
 The DHCP module provisions a DHCP options resource and associates it with the specified VPC resource.
 
 ### Input Variables ###
 
-- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
-- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
-- `vpc_id` - ID of the VPC to associate the DHCP Options Set with.
 - `domain_name` - (Optional) The suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the search value in the /etc/resolv.conf file.
 - `name_servers` - (Optional) List of name servers to configure in /etc/resolv.conf.
-- `ntp_servers` - (Optional) List of NTP servers to configure.
 - `netbios_name_servers` -  (Optional) List of NETBIOS name servers.
 - `netbios_node_type` - (Optional) The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132.  Defaults to 2.
+- `ntp_servers` - (Optional) List of NTP servers to configure.
+- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
+- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
+- `vpc_id` - ID of the VPC to associate the DHCP Options Set with.
 
 ### Usage ###
 
 The usage examples may assume that previous modules in this stack have already been declared, such as the base module, instantiated as "vpc_base".  This declaration is not necessary, but does promote a consistent and maintainable standard.
 
 ```js
 module "dhcp" {
-  source               = "github.com/terraform-aws-vpc//dhcp"
-  vpc_id               = "${module.vpc_base.vpc_id}"
-  stack_item_label     = "mystack1"
-  stack_item_fullname  = "myname"
+  source = "github.com/terraform-aws-vpc?ref=master//dhcp"
+
   domain_name          = "mydomain.com"
   name_servers         = "10.128.8.10"
-  ntp_servers          = "10.128.8.10"
   netbios_name_servers = "10.128.8.10"
   netbios_node_type    = 2
+  ntp_servers          = "10.128.8.10"
+  stack_item_fullname  = "myname"
+  stack_item_label     = "mystack1"
+  vpc_id               = "${module.vpc_base.vpc_id}"
 }
 ```
 
@@ -93,8 +94,8 @@ Creates a VPC VPN Gateway
 
 ### Input Variables
 
-- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
 - `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
+- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
 - `vpc_attach` - Specifies whether the VPG should be associated with a VPC. Valid value: 0 or 1. Defaults to 0 (unattached).
 - `vpc_id` - The VPC to associate the VPG with.
 
@@ -104,11 +105,12 @@ The usage examples may assume that previous modules in this stack have already b
 
 ```js
 module "vpg" {
-  source              = "github.com/terraform-aws-vpc//vpg"
-  vpc_attach          = 1
-  vpc_id              = "${module.vpc_base.vpc_id}"
+  source = "github.com/terraform-aws-vpc?ref=master//vpg"
+
   stack_item_fullname = "Stack Item Description"
   stack_item_label    = "mystack1"
+  vpc_attach          = 1
+  vpc_id              = "${module.vpc_base.vpc_id}"
 }
 ```
 
@@ -122,38 +124,39 @@ In each Availability Zone provided, this module provisions subnets and routing t
 
 ### Input Variables ###
 
-- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
-- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
-- `vpc_id` - ID of the VPC.
-- `region` - The AWS region.
 - `az` - Availability zone(s).  Will accept a comma delimited string.
 - `dmz_cidr` - The CIDR block(s) you want the DMZ subnet(s) to cover.  Will accept a comma delimited string.  This list should correspond 1:1 to each AZ.
+- `enable_dmz_public_ips` - (Optional) Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address.  Defaults to true.
 - `lan_cidr` - The CIDR block(s) you want the LAN subnet(s) to cover.  Will accept a comma delimited string.  This list should correspond 1:1 to each AZ.
 - `lans_per_az` - (Optional) The number of private LAN subnets to be provisioned per AZ.  You will need to double the CIDR blocks specified in the `lan_cidr` variable for each increase in this value.  Defaults to 1.
-- `enable_dmz_public_ips` - (Optional) Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address.  Defaults to true.
+- `region` - The AWS region.
 - `rt_dmz_id` - The ID of the DMZ routing table.
 - `rt_vgw_prop` - (Optional) Specifies whether virtual gateway route propagation should be enabled on the routing table(s). Valid values: 0 or 1. Defaults to 0 (disabled).
+- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
+- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
 - `vgw_ids` - (Optional) A list of virtual gateways to associate with the routing tables for route propagation.
+- `vpc_id` - ID of the VPC.
 
 ### Usage ###
 
 The usage examples may assume that previous modules in this stack have already been declared, such as the base module, instantiated as "vpc_base".  This declaration is not necessary, but does promote a consistent and maintainable standard.
 
 ```js
-module "AZs" {
-    source                = "github.com/unifio/terraform-aws-vpc//az"
-    stack_item_label      = "mystack1"
-    stack_item_fullname   = "Stack Item Description"
-    vpc_id                = "${module.vpc_base.vpc_id}"
-    region                = "us-west-2"
-    az                    = "a,b"    
-    dmz_cidr              = "10.10.0.0/25,10.10.0.128/25,10.10.1.0/25"
-    lan_cidr              = "10.10.2.0/25,10.10.2.128/25,10.10.3.0/25"
-    lans_per_az           = "1"
-    enable_dmz_public_ips = true
-    rt_dmz_id             = "${module.vpc_base.rt_dmz_id}"
-    rt_vgw_prop           = 1
-    vgw_ids               = "${aws_vpn_gateway.vpg.id}"
+module "az" {
+  source = "github.com/unifio/terraform-aws-vpc?ref=master//az"
+
+  az                    = "a,b"
+  dmz_cidr              = "10.10.0.0/25,10.10.0.128/25,10.10.1.0/25"
+  enable_dmz_public_ips = true
+  lan_cidr              = "10.10.2.0/25,10.10.2.128/25,10.10.3.0/25"
+  lans_per_az           = "1"
+  region                = "us-west-2"
+  rt_dmz_id             = "${module.vpc_base.rt_dmz_id}"
+  rt_vgw_prop           = 1
+  stack_item_fullname   = "Stack Item Description"
+  stack_item_label      = "mystack1"
+  vgw_ids               = "${aws_vpn_gateway.vpg.id}"
+  vpc_id                = "${module.vpc_base.vpc_id}" 
 }
 ```
 
@@ -170,6 +173,43 @@ module "AZs" {
 - `eip_nat_ip` - List of NAT gateway public IPs.
 - `rt_lan_id` - List of routing table IDs for the LAN subnets.
 
+## Peer Module ##
+
+Creates a VPC peering connection
+
+### Input Variables
+
+- `accepter_allow_remote_dns` - Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC.
+- `multi_acct` - Flag indicating whether the peering connection spans multiple AWS accounts.
+- `peer_owner_id` - The AWS account ID of the owner of the peer VPC.
+- `peer_vpc_id` - The ID of the VPC with which you are creating the VPC Peering Connection.
+- `requester_allow_remote_dns` - Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC.
+- `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
+- `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
+- `vpc_id` - The ID of the requester VPC.
+
+### Usage
+
+The usage examples may assume that previous modules in this stack have already been declared, such as the base module, instantiated as "vpc_base".  This declaration is not necessary, but does promote a consistent and maintainable standard.
+
+```js
+module "vpc_peer" {
+  source = "github.com/terraform-aws-vpc?ref=master//peer"
+
+  accepter_allow_remote_dns  = false
+  peer_owner_id              = "${var.peer_owner_id}"
+  peer_vpc_id                = "${var.peer_vpc_id}"
+  requester_allow_remote_dns = true
+  stack_item_fullname        = "${var.stack_item_fullname}"
+  stack_item_label           = "${var.stack_item_label}"
+  vpc_id                     = "${var.owner_vpc_id}"
+}
+```
+
+### Outputs ###
+
+- `peer_connection_id` - ID of the newly created peering connection.
+
 ## Examples ##
 
 See the [examples](examples) directory for a complete set of example source files.

Rakefile

@@ -8,7 +8,7 @@ task :default => :verify
 desc "Verify the stack"
 task :verify do
 
-  ['basic', 'full_stack'].each do |stack|
+  %w(basic full_stack).each do |stack|
     task_args = {:stack => stack, :tf_img => ENV['TF_IMG'], :tf_cmd => ENV['TF_CMD']}
     Rake::Task['clean'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
     Rake::Task['check_style'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
@@ -37,6 +37,11 @@ task :get, [:stack, :tf_img, :tf_cmd] do |t, args|
   sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} get"
 end
 
+desc "Get output"
+task :output, [:stack, :tf_img, :tf_cmd, :output] do |t, args|
+  sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} output #{args['output']}"
+end
+
 desc "Apply stack"
 task :apply, [:stack, :tf_img, :tf_cmd, :var_file] do |t, args|
   sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} apply -var-file /data/examples/#{args['var_file']}"

circle.yml

@@ -2,12 +2,35 @@ machine:
   services:
     - docker
   environment:
-    TF_IMG: unifio/terraform:0.7.4
-    TF_CMD: docker run -v /home/ubuntu/.aws:/home/user/.aws -e AWS_DEFAULT_REGION=us-east-1 -e LOCAL_USER_ID=1000 --rm
+    TF_IMG: unifio/terraform:0.7.5
+    TF_CMD: docker run -v /home/ubuntu/.aws:/home/user/.aws -e AWS_DEFAULT_REGION=us-east-1 -e LOCAL_USER_ID=1000
 test:
   pre:
     - docker pull $TF_IMG
   override:
+    # Verify stacks
     - bundle exec rake
+    # Test basic VPC deployment
     - "bundle exec rake apply['basic',${TF_IMG},\"${TF_CMD}\",'basic.tfvars']"
+    # Test VPG attachment
+    - 'echo -e "vpg_vpc_attach = \"1\"\n" | tee -a examples/basic.tfvars'
+    - "bundle exec rake apply['basic',${TF_IMG},\"${TF_CMD}\",'basic.tfvars']"
+    # Test full stack VPC deployment
+    - "bundle exec rake apply['full_stack',${TF_IMG},\"${TF_CMD}\",'full_stack.tfvars']"
+    # Test VPG attachment and route propagation
+    - 'echo -e "vpg_vpc_attach = \"1\"\n" | tee -a examples/full_stack.tfvars'
+    - 'echo -e "rt_vgw_prop = \"1\"\n" | tee -a examples/full_stack.tfvars'
+    - "bundle exec rake apply['full_stack',${TF_IMG},\"${TF_CMD}\",'full_stack.tfvars']"
+    # Testing peering connection
+    - 'export LAN_RT_IDS=`bundle exec rake output["basic",${TF_IMG},"${TF_CMD}","lan_rt_ids"]` && echo -e "owner_rt_lan_id = \"${LAN_RT_IDS}\"" | tee -a examples/peering.tfvars'
+    - 'export VPC_ID=`bundle exec rake output["basic",${TF_IMG},"${TF_CMD}","vpc_id"]` && echo -e "owner_vpc_id = \"${VPC_ID}\"" | tee -a examples/peering.tfvars'
+    - 'export LAN_RT_IDS=`bundle exec rake output["full_stack",${TF_IMG},"${TF_CMD}","lan_rt_ids"]` && echo -e "peer_rt_lan_id = \"${LAN_RT_IDS}\"" | tee -a examples/peering.tfvars'
+    - 'export VPC_ID=`bundle exec rake output["full_stack",${TF_IMG},"${TF_CMD}","vpc_id"]` && echo -e "peer_vpc_id = \"${VPC_ID}\"" | tee -a examples/peering.tfvars'
+    - 'echo -e "peer_owner_id = \"${PEER_OWNER_ID}\"\n" | tee -a examples/peering.tfvars'
+    - "bundle exec rake get['peering',${TF_IMG},\"${TF_CMD}\"]"
+    - "bundle exec rake apply['peering',${TF_IMG},\"${TF_CMD}\",'peering.tfvars']"
+    # Test stack clean-up
+    - "bundle exec rake destroy['peering',${TF_IMG},\"${TF_CMD}\",'peering.tfvars']"
+    - "bundle exec rake destroy['full_stack',${TF_IMG},\"${TF_CMD}\",'full_stack.tfvars']"
     - "bundle exec rake destroy['basic',${TF_IMG},\"${TF_CMD}\",'basic.tfvars']"
+    

examples/basic.tfvars

@@ -1,2 +1,4 @@
+enable_dns          = "true"
+enable_hostnames    = "true"
 stack_item_fullname = "Basic AWS VPC deployment example"
 stack_item_label    = "exmpl-bsc"

examples/basic/main.tf

@@ -42,9 +42,10 @@ module "vpc_vpg" {
   #source = "github.com/unifio/terraform-aws-vpc?ref=master//vpg"
   source = "../../vpg"
 
-  vpc_attach          = 0
   stack_item_label    = "${var.stack_item_label}"
   stack_item_fullname = "${var.stack_item_fullname}"
+  vpc_attach          = "${var.vpg_vpc_attach}"
+  vpc_id              = "${module.vpc_base.vpc_id}"
 }
 
 ## Configures routing

examples/basic/outputs.tf

@@ -11,3 +11,7 @@ output "dmz_subnet_ids" {
 output "lan_subnet_ids" {
   value = "${module.vpc_az.lan_id}"
 }
+
+output "lan_rt_ids" {
+  value = "${module.vpc_az.rt_lan_id}"
+}

examples/basic/variables.tf

@@ -56,3 +56,9 @@ variable "enable_hostnames" {
   description = "Specifies whether the instances launched in the VPC get DNS hostnames"
   default     = false
 }
+
+variable "vpg_vpc_attach" {
+  type        = "string"
+  description = "Flag for selecting whether the VPG should be attached to a VPC."
+  default     = "0"
+}