Merge branch 'main' into ram_share_tags

README.md

@@ -117,6 +117,7 @@ The IPAM `operating_region` variable must be set for the primary Region in your
 | <a name="input_ipam_scope_id"></a> [ipam\_scope\_id](#input\_ipam\_scope\_id) | (Optional) Required if `var.ipam_id` is set. Determines which scope to deploy pools into. | `string` | `null` | no |
 | <a name="input_ipam_scope_type"></a> [ipam\_scope\_type](#input\_ipam\_scope\_type) | Which scope type to use. Valid inputs include `public` or `private`. You can alternatively provide your own scope ID. | `string` | `"private"` | no |
 | <a name="input_pool_configurations"></a> [pool\_configurations](#input\_pool\_configurations) | A multi-level, nested map describing nested IPAM pools. Can nest up to three levels with the top level being outside the `pool_configurations`. This attribute is quite complex, see README.md for further explanation. | `any` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to the aws\_vpc\_ipam resource. | `any` | `{}` | no |
 | <a name="input_top_auto_import"></a> [top\_auto\_import](#input\_top\_auto\_import) | `auto_import` setting for top-level pool. | `bool` | `null` | no |
 | <a name="input_top_cidr_authorization_context"></a> [top\_cidr\_authorization\_context](#input\_top\_cidr\_authorization\_context) | A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP. Document is not stored in the state file. For more information, refer to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_pool_cidr#cidr_authorization_context. | `any` | `null` | no |
 | <a name="input_top_description"></a> [top\_description](#input\_top\_description) | Description of top-level pool. | `string` | `""` | no |
@@ -133,4 +134,4 @@ The IPAM `operating_region` variable must be set for the primary Region in your
 | <a name="output_pools_level_1"></a> [pools\_level\_1](#output\_pools\_level\_1) | Map of all pools at level 1. |
 | <a name="output_pools_level_2"></a> [pools\_level\_2](#output\_pools\_level\_2) | Map of all pools at level 2. |
 | <a name="output_pools_level_3"></a> [pools\_level\_3](#output\_pools\_level\_3) | Map of all pools at level 3. |
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->

examples/single_scope_ipv4/main.tf

@@ -14,7 +14,6 @@ module "basic" {
     corporate-us-west-2 = {
       description = "2nd level, locale us-west-2 pool"
       cidr        = ["10.0.0.0/16", "10.1.0.0/16"]
-      locale      = "us-west-2"
 
       sub_pools = {
 
@@ -33,6 +32,7 @@ module "basic" {
             team_a = {
               cidr                 = ["10.1.0.0/24"]
               ram_share_principals = var.prod_account # prod account
+              locale               = "us-west-2"
             }
 
             team_b = {
@@ -42,7 +42,8 @@ module "basic" {
           }
         }
         prod = {
-          cidr = ["10.1.16.0/20"]
+          cidr   = ["10.1.16.0/20"]
+          locale = "us-west-2"
 
           sub_pools = {
             team_a = {

main.tf

@@ -35,6 +35,8 @@ resource "aws_vpc_ipam" "main" {
       region_name = operating_regions.key
     }
   }
+
+  tags = var.tags
 }
 
 module "level_zero" {

modules/sub_pool/README.md

@@ -10,7 +10,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.6.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.17.1 |
 
 ## Modules
 
@@ -35,7 +35,7 @@ No modules.
 | <a name="input_pool_config"></a> [pool\_config](#input\_pool\_config) | Configuration of the Pool you want to deploy. All aws\_vpc\_ipam\_pool arguments are available as well as ram\_share\_principals list and sub\_pools map (up to 3 levels). | <pre>object({<br>    cidr                 = list(string)<br>    ram_share_principals = optional(list(string))<br><br>    locale                            = optional(string)<br>    allocation_default_netmask_length = optional(string)<br>    allocation_max_netmask_length     = optional(string)<br>    allocation_min_netmask_length     = optional(string)<br>    auto_import                       = optional(string)<br>    aws_service                       = optional(string)<br>    description                       = optional(string)<br>    name                              = optional(string)<br>    publicly_advertisable             = optional(bool)<br><br>    allocation_resource_tags   = optional(map(string))<br>    tags                       = optional(map(string))<br>    cidr_authorization_context = optional(map(string))<br><br>    sub_pools = optional(any)<br>  })</pre> | n/a | yes |
 | <a name="input_source_ipam_pool_id"></a> [source\_ipam\_pool\_id](#input\_source\_ipam\_pool\_id) | IPAM parent pool ID to attach the pool to. | `string` | n/a | yes |
 | <a name="input_implied_description"></a> [implied\_description](#input\_implied\_description) | Description is implied from the pool tree name <parent>/<child> unless specified on the pool\_config. | `string` | `null` | no |
-| <a name="input_implied_locale"></a> [implied\_locale](#input\_implied\_locale) | Locale is implied from a parent pool even if another is specified. Its not possible to set child pools to different locales. | `string` | `null` | no |
+| <a name="input_implied_locale"></a> [implied\_locale](#input\_implied\_locale) | Locale is implied from a parent pool even if another is specified. Its not possible to set child pools to different locales. | `string` | `"None"` | no |
 | <a name="input_implied_name"></a> [implied\_name](#input\_implied\_name) | Name is implied from the pool tree name <parent>/<child> unless specified on the pool\_config. | `string` | `null` | no |
 
 ## Outputs

modules/sub_pool/main.tf

@@ -1,10 +1,12 @@
 locals {
   description = var.pool_config.description == null ? var.implied_description : var.pool_config.description
-  name        = var.pool_config.name == null ? var.implied_name : var.pool_config.name
-
+
+  name = var.pool_config.name == null ? var.implied_name : var.pool_config.name
   tags = merge(var.pool_config.tags, {
     Name = local.name }
   )
+
+  ram_share_enabled = try(length(var.pool_config.ram_share_principals), 0) > 0
 }
 
 resource "aws_vpc_ipam_pool" "sub" {
@@ -13,7 +15,7 @@ resource "aws_vpc_ipam_pool" "sub" {
   source_ipam_pool_id = var.source_ipam_pool_id
 
   description                       = local.description
-  locale                            = var.implied_locale == null ? var.pool_config.locale : var.implied_locale
+  locale                            = var.implied_locale != "None" ? var.implied_locale : var.pool_config.locale
   allocation_default_netmask_length = var.pool_config.allocation_default_netmask_length
   allocation_max_netmask_length     = var.pool_config.allocation_max_netmask_length
   allocation_min_netmask_length     = var.pool_config.allocation_min_netmask_length
@@ -41,22 +43,22 @@ resource "aws_vpc_ipam_pool_cidr" "sub" {
 }
 
 resource "aws_ram_resource_share" "sub" {
-  count = var.pool_config.ram_share_principals == null ? 0 : 1
+  count = local.ram_share_enabled ? 1 : 0
 
   name = replace(var.implied_description, "/", "-")
 
   tags = local.tags
 }
 
 resource "aws_ram_resource_association" "sub" {
-  count = var.pool_config.ram_share_principals == null ? 0 : 1
+  count = local.ram_share_enabled ? 1 : 0
 
   resource_arn       = aws_vpc_ipam_pool.sub.arn
   resource_share_arn = aws_ram_resource_share.sub[0].arn
 }
 
 resource "aws_ram_principal_association" "sub" {
-  for_each = var.pool_config.ram_share_principals == null ? [] : toset(var.pool_config.ram_share_principals)
+  for_each = local.ram_share_enabled ? toset(var.pool_config.ram_share_principals) : []
 
   principal          = each.key
   resource_share_arn = aws_ram_resource_share.sub[0].arn

modules/sub_pool/variables.tf

@@ -38,7 +38,7 @@ variable "pool_config" {
 variable "implied_locale" {
   description = "Locale is implied from a parent pool even if another is specified. Its not possible to set child pools to different locales."
   type        = string
-  default     = null
+  default     = "None"
 }
 
 variable "implied_description" {

variables.tf

@@ -93,3 +93,9 @@ variable "ipam_scope_type" {
     error_message = "Scope type must be either public or private."
   }
 }
+
+variable "tags" {
+  description = "Tags to add to the aws_vpc_ipam resource."
+  type        = any
+  default     = {}
+}