From 36e15d03b42342098eb9e523fc28785fd9f73ae6 Mon Sep 17 00:00:00 2001 From: Matthew Lemmond Date: Tue, 2 May 2023 18:14:10 -0400 Subject: [PATCH 1/3] feat: add access tags and utilize in examples/tests --- README.md | 7 ++ examples/default/main.tf | 1 + examples/default/variables.tf | 6 ++ examples/landing_zone/main.tf | 2 + examples/landing_zone/variables.tf | 5 ++ .../management-vpc/README.md | 1 + landing-zone-submodule/management-vpc/main.tf | 1 + .../management-vpc/variables.tf | 5 ++ landing-zone-submodule/workload-vpc/README.md | 1 + landing-zone-submodule/workload-vpc/main.tf | 1 + .../workload-vpc/variables.tf | 6 ++ main.tf | 3 + module-metadata.json | 75 +++++++++++++------ network_acls.tf | 1 + subnet.tf | 1 + tests/pr_test.go | 22 ++++++ variables.tf | 13 ++++ 17 files changed, 128 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 88dcd355..c45880d8 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,12 @@ You need the following permissions to run this module. - **Resource Group** \ - `Viewer` resource group access +Optionally, you need the following permissions to attach Access Management tags to resources in this module. + +- IAM Services + - **Tagging** service + - `Administrator` platform access + ## Examples @@ -107,6 +113,7 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
|
{
"zone-1": null,
"zone-2": null,
"zone-3": null
}
| no | | [classic\_access](#input\_classic\_access) | OPTIONAL - Classic Access to the VPC | `bool` | `false` | no | | [create\_authorization\_policy\_vpc\_to\_cos](#input\_create\_authorization\_policy\_vpc\_to\_cos) | Create authorisation policy for VPC to access COS. Set as false if authorization policy exists already | `bool` | `false` | no | diff --git a/examples/default/main.tf b/examples/default/main.tf index 74699444..9e983d60 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -48,6 +48,7 @@ module "slz_vpc" { name = var.name prefix = var.prefix tags = var.resource_tags + access_tags = var.access_tags enable_vpc_flow_logs = var.enable_vpc_flow_logs create_authorization_policy_vpc_to_cos = var.create_authorization_policy_vpc_to_cos existing_cos_instance_guid = ibm_resource_instance.cos_instance[0].guid diff --git a/examples/default/variables.tf b/examples/default/variables.tf index 7ed05151..f968f93d 100644 --- a/examples/default/variables.tf +++ b/examples/default/variables.tf @@ -34,6 +34,12 @@ variable "resource_tags" { default = null } +variable "access_tags" { + type = list(string) + description = "Optional list of access tags to be added to the created Key Protect instance" + default = [] +} + variable "enable_vpc_flow_logs" { type = bool description = "Enable VPC Flow Logs, it will create Flow logs collector if set to true" diff --git a/examples/landing_zone/main.tf b/examples/landing_zone/main.tf index 90863a77..4ea058fa 100644 --- a/examples/landing_zone/main.tf +++ b/examples/landing_zone/main.tf @@ -36,6 +36,7 @@ module "workload_vpc" { region = var.region prefix = var.prefix tags = var.resource_tags + access_tags = var.access_tags enable_vpc_flow_logs = var.enable_vpc_flow_logs create_authorization_policy_vpc_to_cos = var.create_authorization_policy_vpc_to_cos existing_cos_instance_guid = module.cos_bucket[0].cos_instance_guid 
@@ -49,6 +50,7 @@ module "management_vpc" { region = var.region prefix = var.prefix tags = var.resource_tags + access_tags = var.access_tags } diff --git a/examples/landing_zone/variables.tf b/examples/landing_zone/variables.tf index ebd6d41e..4882eeb8 100644 --- a/examples/landing_zone/variables.tf +++ b/examples/landing_zone/variables.tf @@ -28,6 +28,11 @@ variable "resource_tags" { default = null } +variable "access_tags" { + type = list(string) + description = "Optional list of access tags to be added to the created Key Protect instance" + default = [] +} ############################################################################## # VPC flow logs variables diff --git a/landing-zone-submodule/management-vpc/README.md b/landing-zone-submodule/management-vpc/README.md index ebb9b29d..ca2a0679 100644 --- a/landing-zone-submodule/management-vpc/README.md +++ b/landing-zone-submodule/management-vpc/README.md @@ -27,6 +27,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created Key Protect instance | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
| `null` | no | | [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no | | [create\_authorization\_policy\_vpc\_to\_cos](#input\_create\_authorization\_policy\_vpc\_to\_cos) | Set it to true if authorization policy is required for VPC to access COS | `bool` | `false` | no | diff --git a/landing-zone-submodule/management-vpc/main.tf b/landing-zone-submodule/management-vpc/main.tf index 2158e154..d8dfcc67 100644 --- a/landing-zone-submodule/management-vpc/main.tf +++ b/landing-zone-submodule/management-vpc/main.tf @@ -6,6 +6,7 @@ module "management_vpc" { source = "../../" name = "management" tags = var.tags + access_tags = var.access_tags resource_group_id = var.resource_group_id region = var.region prefix = var.prefix diff --git a/landing-zone-submodule/management-vpc/variables.tf b/landing-zone-submodule/management-vpc/variables.tf index db22792d..a6a0ba7b 100644 --- a/landing-zone-submodule/management-vpc/variables.tf +++ b/landing-zone-submodule/management-vpc/variables.tf @@ -21,6 +21,11 @@ variable "tags" { default = [] } +variable "access_tags" { + type = list(string) + description = "Optional list of access tags to be added to the created Key Protect instance" + default = [] +} ############################################################################# # VPC variables diff --git a/landing-zone-submodule/workload-vpc/README.md b/landing-zone-submodule/workload-vpc/README.md index 85d6675e..945acb42 100644 --- a/landing-zone-submodule/workload-vpc/README.md +++ b/landing-zone-submodule/workload-vpc/README.md 
@@ -28,6 +28,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created Key Protect instance | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
| `null` | no | | [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no | | [create\_authorization\_policy\_vpc\_to\_cos](#input\_create\_authorization\_policy\_vpc\_to\_cos) | Set it to true if authorization policy is required for VPC to access COS | `bool` | `false` | no | diff --git a/landing-zone-submodule/workload-vpc/main.tf b/landing-zone-submodule/workload-vpc/main.tf index 9da5721e..0164328f 100644 --- a/landing-zone-submodule/workload-vpc/main.tf +++ b/landing-zone-submodule/workload-vpc/main.tf @@ -6,6 +6,7 @@ module "workload_vpc" { source = "../../" name = "workload" tags = var.tags + access_tags = var.access_tags resource_group_id = var.resource_group_id region = var.region prefix = var.prefix diff --git a/landing-zone-submodule/workload-vpc/variables.tf b/landing-zone-submodule/workload-vpc/variables.tf index c19c3fa6..523a3239 100644 --- a/landing-zone-submodule/workload-vpc/variables.tf +++ b/landing-zone-submodule/workload-vpc/variables.tf @@ -21,6 +21,12 @@ variable "tags" { default = [] } +variable "access_tags" { + type = list(string) + description = "Optional list of access tags to be added to the created Key Protect instance" + default = [] +} + ############################################################################# # VPC variables ############################################################################# diff --git a/main.tf b/main.tf index e9536f7e..550e392c 100644 --- a/main.tf +++ b/main.tf @@ -11,6 +11,7 @@ resource "ibm_is_vpc" "vpc" { default_security_group_name = var.default_security_group_name default_routing_table_name = var.default_routing_table_name tags = var.tags + access_tags = var.access_tags } ############################################################################## 
@@ -89,6 +90,7 @@ resource "ibm_is_public_gateway" "gateway" { resource_group = var.resource_group_id zone = each.value tags = var.tags + access_tags = var.access_tags } ############################################################################## @@ -123,6 +125,7 @@ resource "ibm_is_flow_log" "flow_logs" { storage_bucket = var.existing_storage_bucket_name resource_group = var.resource_group_id tags = var.tags + access_tags = var.access_tags } ############################################################################## diff --git a/module-metadata.json b/module-metadata.json index 49d341f7..23f2d67d 100644 --- a/module-metadata.json +++ b/module-metadata.json @@ -1,6 +1,30 @@ { "path": ".", "variables": { + "access_tags": { + "name": "access_tags", + "type": "list(string)", + "description": "A list of access tags to apply to the resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details", + "default": [], + "source": [ + "ibm_is_flow_log.flow_logs.access_tags", + "ibm_is_network_acl.network_acl.access_tags", + "ibm_is_public_gateway.gateway.access_tags", + "ibm_is_subnet.subnet.access_tags", + "ibm_is_vpc.vpc.access_tags" + ], + "pos": { + "filename": "variables.tf", + "line": 31 + }, + "min_length": 1, + "max_length": 128, + "matches": "^([A-Za-z0-9_.-]|[A-Za-z0-9_.-][A-Za-z0-9_ .-]*[A-Za-z0-9_.-]):([A-Za-z0-9_.-]|[A-Za-z0-9_.-][A-Za-z0-9_ .-]*[A-Za-z0-9_.-])$", + "computed": true, + "elem": { + "type": "TypeString" + } + }, "address_prefixes": { "name": "address_prefixes", "type": "object({\n zone-1 = optional(list(string))\n zone-2 = optional(list(string))\n zone-3 = optional(list(string))\n })", @@ -16,7 +40,7 @@ ], "pos": { "filename": "variables.tf", - "line": 67 + "line": 80 } }, "classic_access": { @@ -29,7 +53,7 @@ ], "pos": { "filename": "variables.tf", - "line": 43 + "line": 56 }, "immutable": true }, 
@@ -40,7 +64,7 @@ "default": false, "pos": { "filename": "variables.tf", - "line": 408 + "line": 421 } }, "default_network_acl_name": { @@ -52,7 +76,7 @@ ], "pos": { "filename": "variables.tf", - "line": 49 + "line": 62 }, "min_length": 1, "max_length": 63, @@ -68,7 +92,7 @@ ], "pos": { "filename": "variables.tf", - "line": 61 + "line": 74 }, "min_length": 1, "max_length": 63, @@ -84,7 +108,7 @@ ], "pos": { "filename": "variables.tf", - "line": 55 + "line": 68 }, "min_length": 1, "max_length": 63, @@ -102,7 +126,7 @@ ], "pos": { "filename": "variables.tf", - "line": 402 + "line": 415 } }, "existing_cos_instance_guid": { @@ -114,7 +138,7 @@ ], "pos": { "filename": "variables.tf", - "line": 414 + "line": 427 }, "immutable": true, "computed": true @@ -129,7 +153,7 @@ ], "pos": { "filename": "variables.tf", - "line": 420 + "line": 433 }, "immutable": true }, @@ -143,7 +167,7 @@ ], "pos": { "filename": "variables.tf", - "line": 426 + "line": 439 } }, "name": { @@ -174,7 +198,7 @@ ], "pos": { "filename": "variables.tf", - "line": 92 + "line": 105 } }, "network_cidr": { @@ -187,7 +211,7 @@ ], "pos": { "filename": "variables.tf", - "line": 37 + "line": 50 } }, "prefix": { @@ -257,7 +281,7 @@ ], "pos": { "filename": "variables.tf", - "line": 374 + "line": 387 } }, "security_group_rules": { @@ -276,7 +300,7 @@ ], "pos": { "filename": "variables.tf", - "line": 308 + "line": 321 } }, "subnets": { @@ -314,7 +338,7 @@ ], "pos": { "filename": "variables.tf", - "line": 245 + "line": 258 } }, "tags": { @@ -353,7 +377,7 @@ ], "pos": { "filename": "variables.tf", - "line": 219 + "line": 232 } } }, @@ -484,7 +508,7 @@ }, "pos": { "filename": "main.tf", - "line": 106 + "line": 108 } }, "ibm_is_flow_log.flow_logs": { @@ -492,6 +516,7 @@ "type": "ibm_is_flow_log", "name": "flow_logs", "attributes": { + "access_tags": "access_tags", "active": "is_flow_log_collector_active", "count": "enable_vpc_flow_logs", "name": "prefix", 
@@ -504,7 +529,7 @@ }, "pos": { "filename": "main.tf", - "line": 117 + "line": 119 } }, "ibm_is_network_acl.network_acl": { @@ -512,6 +537,7 @@ "type": "ibm_is_network_acl", "name": "network_acl", "attributes": { + "access_tags": "access_tags", "name": "prefix", "resource_group": "resource_group_id" }, @@ -528,6 +554,7 @@ "type": "ibm_is_public_gateway", "name": "gateway", "attributes": { + "access_tags": "access_tags", "name": "prefix", "resource_group": "resource_group_id", "tags": "tags" @@ -537,7 +564,7 @@ }, "pos": { "filename": "main.tf", - "line": 85 + "line": 86 } }, "ibm_is_security_group_rule.default_vpc_rule": { @@ -557,6 +584,7 @@ "type": "ibm_is_subnet", "name": "subnet", "attributes": { + "access_tags": "access_tags", "resource_group": "resource_group_id", "tags": "tags" }, @@ -573,6 +601,7 @@ "type": "ibm_is_vpc", "name": "vpc", "attributes": { + "access_tags": "access_tags", "address_prefix_management": "address_prefixes", "classic_access": "classic_access", "default_network_acl_name": "default_network_acl_name", @@ -599,7 +628,7 @@ }, "pos": { "filename": "main.tf", - "line": 31 + "line": 32 } }, "ibm_is_vpc_address_prefix.subnet_prefix": { @@ -626,7 +655,7 @@ }, "pos": { "filename": "main.tf", - "line": 50 + "line": 51 } }, "ibm_is_vpc_routing_table_route.routing_table_routes": { @@ -641,7 +670,7 @@ }, "pos": { "filename": "main.tf", - "line": 59 + "line": 60 } } }, @@ -655,7 +684,7 @@ }, "pos": { "filename": "main.tf", - "line": 39 + "line": 40 } } }, diff --git a/network_acls.tf b/network_acls.tf index 979c03f3..c30d0ef3 100644 --- a/network_acls.tf +++ b/network_acls.tf @@ -139,6 +139,7 @@ resource "ibm_is_network_acl" "network_acl" { name = "${var.prefix}-${each.key}" #already has name of vpc in each.key vpc = ibm_is_vpc.vpc.id resource_group = var.resource_group_id + access_tags = var.access_tags # Create ACL rules dynamic "rules" { diff --git a/subnet.tf b/subnet.tf index 6cd67f74..15e7be96 100644 --- a/subnet.tf +++ b/subnet.tf 
@@ -39,6 +39,7 @@ resource "ibm_is_subnet" "subnet" { network_acl = ibm_is_network_acl.network_acl[each.value.acl].id public_gateway = each.value.public_gateway tags = var.tags + access_tags = var.access_tags depends_on = [ibm_is_vpc_address_prefix.address_prefixes] } diff --git a/tests/pr_test.go b/tests/pr_test.go index fdac1d8f..1d7de464 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -1,9 +1,12 @@ package test import ( + "log" + "os" "testing" "github.com/stretchr/testify/assert" + "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/common" "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper" ) @@ -11,12 +14,31 @@ const defaultExampleTerraformDir = "examples/default" const landingZoneExampleTerraformDir = "examples/landing_zone" const resourceGroup = "geretain-test-resources" +// Define a struct with fields that match the structure of the YAML data +const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml" + +var permanentResources map[string]interface{} + +func TestMain(m *testing.M) { + // Read the YAML file contents + var err error + permanentResources, err = common.LoadMapFromYaml(yamlLocation) + if err != nil { + log.Fatal(err) + } + + os.Exit(m.Run()) +} + func setupOptions(t *testing.T, prefix string, terraformDir string) *testhelper.TestOptions { options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ Testing: t, TerraformDir: terraformDir, Prefix: prefix, ResourceGroup: resourceGroup, + TerraformVars: map[string]interface{}{ + "access_tags": permanentResources["accessTags"], + }, }) return options diff --git a/variables.tf b/variables.tf index 05b8c66b..821d9515 100644 --- a/variables.tf +++ b/variables.tf 
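Review bot: The lookup `permanentResources["accessTags"]` in `setupOptions` (second hunk of tests/pr_test.go) is not checked, so a missing or renamed key in the YAML file hands a nil value to Terraform as `access_tags`. The tests would then presumably either run without exercising the access-tag path or fail later with a less direct error. A guard in `TestMain` right after the load, such as `if _, ok := permanentResources["accessTags"]; !ok { log.Fatalf("accessTags not found in %s", yamlLocation) }`, would fail fast with a clear cause. Separately, the comment above `yamlLocation` describes a struct that the code does not define; `// Path to the shared YAML file that lists permanent test resources` would match what follows.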
@@ -28,6 +28,19 @@ variable "tags" { default = null } +variable "access_tags" { + type = list(string) + description = "A list of access tags to apply to the resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details" + default = [] + + validation { + condition = alltrue([ + for tag in var.access_tags : can(regex("[\\w\\-_\\.]+:[\\w\\-_\\.]+", tag)) && length(tag) <= 128 + ]) + error_message = "Tags must match the regular expression \"[\\w\\-_\\.]+:[\\w\\-_\\.]+\", see https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits for more details" + } +} + ############################################################################## ############################################################################## From 5f612a37a93934bb1cb26612010391472472f727 Mon Sep 17 00:00:00 2001 From: Matthew Lemmond Date: Mon, 15 May 2023 12:19:52 -0400 Subject: [PATCH 2/3] refactor: fix var descriptions --- README.md | 2 +- examples/default/variables.tf | 2 +- examples/landing_zone/variables.tf | 2 +- landing-zone-submodule/management-vpc/README.md | 2 +- landing-zone-submodule/management-vpc/variables.tf | 2 +- landing-zone-submodule/workload-vpc/README.md | 2 +- landing-zone-submodule/workload-vpc/variables.tf | 2 +- module-metadata.json | 2 +- variables.tf | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index f23f78cf..5f8963ad 100644 --- a/README.md +++ b/README.md 
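Review bot: The `regex(...)` call in the new `validation` block of `variable "access_tags"` is unanchored, and Terraform's `regex` succeeds on any substring match, so a constructed value such as `bad tag!! a:b` passes as long as it contains one `key:value` run. Because these are access management tags, the check should cover the whole string, e.g. `can(regex("^[\\w\\-_\\.]+:[\\w\\-_\\.]+$", tag))`. The provider pattern recorded in module-metadata.json is anchored and also permits inner spaces, so the character class may need widening to agree with it once the anchors are added. The same expression is carried unchanged through the variables.tf hunk of PATCH 3/3, whose `error_message` also quotes the unanchored pattern and should be updated together with the condition.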
@@ -120,7 +120,7 @@ Optionally, you need the following permissions to attach Access Management tags | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no | +| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the VPC resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
|
{
"zone-1": null,
"zone-2": null,
"zone-3": null
}
| no | | [classic\_access](#input\_classic\_access) | OPTIONAL - Classic Access to the VPC | `bool` | `false` | no | | [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no | diff --git a/examples/default/variables.tf b/examples/default/variables.tf index f968f93d..61ed761a 100644 --- a/examples/default/variables.tf +++ b/examples/default/variables.tf @@ -36,7 +36,7 @@ variable "resource_tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created Key Protect instance" + description = "Optional list of access tags to be added to the created VPC resources" default = [] } diff --git a/examples/landing_zone/variables.tf b/examples/landing_zone/variables.tf index 4882eeb8..69e06384 100644 --- a/examples/landing_zone/variables.tf +++ b/examples/landing_zone/variables.tf @@ -30,7 +30,7 @@ variable "resource_tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created Key Protect instance" + description = "Optional list of access tags to be added to the created VPC resources" default = [] } diff --git a/landing-zone-submodule/management-vpc/README.md b/landing-zone-submodule/management-vpc/README.md index 5ff739e1..bb0c1756 100644 --- a/landing-zone-submodule/management-vpc/README.md +++ b/landing-zone-submodule/management-vpc/README.md 
@@ -27,7 +27,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created Key Protect instance | `list(string)` | `[]` | no | +| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created VPC resources | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
| `null` | no | | [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no | | [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no | diff --git a/landing-zone-submodule/management-vpc/variables.tf b/landing-zone-submodule/management-vpc/variables.tf index f324f431..3f642f62 100644 --- a/landing-zone-submodule/management-vpc/variables.tf +++ b/landing-zone-submodule/management-vpc/variables.tf @@ -23,7 +23,7 @@ variable "tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created Key Protect instance" + description = "Optional list of access tags to be added to the created VPC resources" default = [] } diff --git a/landing-zone-submodule/workload-vpc/README.md b/landing-zone-submodule/workload-vpc/README.md index 1eda9665..0de6030c 100644 --- a/landing-zone-submodule/workload-vpc/README.md +++ b/landing-zone-submodule/workload-vpc/README.md @@ -28,7 +28,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created Key Protect instance | `list(string)` | `[]` | no | +| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created VPC resources | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
| `null` | no | | [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no | | [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no | diff --git a/landing-zone-submodule/workload-vpc/variables.tf b/landing-zone-submodule/workload-vpc/variables.tf index 3085b315..4647637e 100644 --- a/landing-zone-submodule/workload-vpc/variables.tf +++ b/landing-zone-submodule/workload-vpc/variables.tf @@ -23,7 +23,7 @@ variable "tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created Key Protect instance" + description = "Optional list of access tags to be added to the created VPC resources" default = [] } diff --git a/module-metadata.json b/module-metadata.json index 8d939f9d..8e4b9f4a 100644 --- a/module-metadata.json +++ b/module-metadata.json @@ -4,7 +4,7 @@ "access_tags": { "name": "access_tags", "type": "list(string)", - "description": "A list of access tags to apply to the resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details", + "description": "A list of access tags to apply to the VPC resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details", "default": [], "source": [ "ibm_is_flow_log.flow_logs.access_tags", diff --git a/variables.tf b/variables.tf index a264ad75..90ec988e 100644 --- a/variables.tf +++ b/variables.tf 
@@ -30,7 +30,7 @@ variable "tags" { variable "access_tags" { type = list(string) - description = "A list of access tags to apply to the resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details" + description = "A list of access tags to apply to the VPC resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details" default = [] validation { From c1b7d47b26dd79c8fa012da604943e239ab581ba Mon Sep 17 00:00:00 2001 From: Matthew Lemmond Date: Thu, 18 May 2023 10:53:39 -0400 Subject: [PATCH 3/3] refactor: cleanup variable descriptions SKIP UPGRADE TEST due to new variable being passed in test --- README.md | 4 ++-- examples/default/variables.tf | 2 +- examples/landing_zone/variables.tf | 2 +- landing-zone-submodule/management-vpc/README.md | 2 +- landing-zone-submodule/management-vpc/variables.tf | 2 +- landing-zone-submodule/workload-vpc/README.md | 2 +- landing-zone-submodule/workload-vpc/variables.tf | 2 +- module-metadata.json | 2 +- variables.tf | 4 ++-- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 5f8963ad..42308185 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ You need the following permissions to run this module. - **Resource Group** \ - `Viewer` resource group access -Optionally, you need the following permissions to attach Access Management tags to resources in this module. +To attach access management tags to resources in this module, you need the following permissions. - IAM Services - **Tagging** service 
@@ -120,7 +120,7 @@ Optionally, you need the following permissions to attach Access Management tags | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the VPC resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no | +| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the VPC resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
|
{
"zone-1": null,
"zone-2": null,
"zone-3": null
}
| no | | [classic\_access](#input\_classic\_access) | OPTIONAL - Classic Access to the VPC | `bool` | `false` | no | | [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no | diff --git a/examples/default/variables.tf b/examples/default/variables.tf index 61ed761a..b347d595 100644 --- a/examples/default/variables.tf +++ b/examples/default/variables.tf @@ -36,7 +36,7 @@ variable "resource_tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created VPC resources" + description = "Optional list of access tags to add to the VPC resources that are created" default = [] } diff --git a/examples/landing_zone/variables.tf b/examples/landing_zone/variables.tf index 69e06384..d895c8b5 100644 --- a/examples/landing_zone/variables.tf +++ b/examples/landing_zone/variables.tf @@ -30,7 +30,7 @@ variable "resource_tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created VPC resources" + description = "Optional list of access tags to add to the VPC resources that are created" default = [] } diff --git a/landing-zone-submodule/management-vpc/README.md b/landing-zone-submodule/management-vpc/README.md index bb0c1756..dd8fb75f 100644 --- a/landing-zone-submodule/management-vpc/README.md +++ b/landing-zone-submodule/management-vpc/README.md 
@@ -27,7 +27,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created VPC resources | `list(string)` | `[]` | no | +| [access\_tags](#input\_access\_tags) | Optional list of access tags to add to the VPC resources that are created | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
| `null` | no | | [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no | | [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no | diff --git a/landing-zone-submodule/management-vpc/variables.tf b/landing-zone-submodule/management-vpc/variables.tf index 3f642f62..55d39ecb 100644 --- a/landing-zone-submodule/management-vpc/variables.tf +++ b/landing-zone-submodule/management-vpc/variables.tf @@ -23,7 +23,7 @@ variable "tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created VPC resources" + description = "Optional list of access tags to add to the VPC resources that are created" default = [] } diff --git a/landing-zone-submodule/workload-vpc/README.md b/landing-zone-submodule/workload-vpc/README.md index 0de6030c..143ab086 100644 --- a/landing-zone-submodule/workload-vpc/README.md +++ b/landing-zone-submodule/workload-vpc/README.md @@ -28,7 +28,7 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [access\_tags](#input\_access\_tags) | Optional list of access tags to be added to the created VPC resources | `list(string)` | `[]` | no | +| [access\_tags](#input\_access\_tags) | Optional list of access tags to add to the VPC resources that are created | `list(string)` | `[]` | no | | [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. |
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
| `null` | no | | [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no | | [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no | diff --git a/landing-zone-submodule/workload-vpc/variables.tf b/landing-zone-submodule/workload-vpc/variables.tf index 4647637e..175c9bde 100644 --- a/landing-zone-submodule/workload-vpc/variables.tf +++ b/landing-zone-submodule/workload-vpc/variables.tf @@ -23,7 +23,7 @@ variable "tags" { variable "access_tags" { type = list(string) - description = "Optional list of access tags to be added to the created VPC resources" + description = "Optional list of access tags to add to the VPC resources that are created" default = [] } diff --git a/module-metadata.json b/module-metadata.json index 8e4b9f4a..caa901f6 100644 --- a/module-metadata.json +++ b/module-metadata.json @@ -4,7 +4,7 @@ "access_tags": { "name": "access_tags", "type": "list(string)", - "description": "A list of access tags to apply to the VPC resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details", + "description": "A list of access tags to apply to the VPC resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial.", "default": [], "source": [ "ibm_is_flow_log.flow_logs.access_tags", diff --git a/variables.tf b/variables.tf index 90ec988e..4f2065c1 100644 --- a/variables.tf +++ b/variables.tf 
@@ -30,14 +30,14 @@ variable "tags" { variable "access_tags" { type = list(string) - description = "A list of access tags to apply to the VPC resources created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details" + description = "A list of access tags to apply to the VPC resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial." default = [] validation { condition = alltrue([ for tag in var.access_tags : can(regex("[\\w\\-_\\.]+:[\\w\\-_\\.]+", tag)) && length(tag) <= 128 ]) - error_message = "Tags must match the regular expression \"[\\w\\-_\\.]+:[\\w\\-_\\.]+\", see https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits for more details" + error_message = "Tags must match the regular expression \"[\\w\\-_\\.]+:[\\w\\-_\\.]+\". For more information, see https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits." } }