Merge pull request #19 from unifio/wc-updates

Updates for TF 0.8.X

.env.docker

@@ -0,0 +1,7 @@
+AWS_REGION=us-east-2
+COVALENCE_PACKER_DIR=./
+COVALENCE_TERRAFORM_DIR=./
+COVALENCE_TEST_ENVS=basic,complete
+CHECKPOINT_DISABLE=1
+GODEBUG=netdns=cgo
+USER=root

.gitignore

@@ -1,3 +1,4 @@
 *.tfstate*
 .terraform/
 .env
+spec/reports/**

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+  "editor.renderWhitespace": "all",
+  "files.insertFinalNewline": true,
+  "files.trimTrailingWhitespace": true
+}

CHANGELOG.md

@@ -1,4 +1,65 @@
-## Unreleased
+#### Consider Implementing:
+* ipv6 support
+
+## 0.3.0 (April 3, 2017)
+
+#### BACKWARDS INCOMPATIBILITIES / NOTES:
+* Enabled complex variable types, which are only supported in Terraform 0.7.0 and newer.
+* The following input variables have been removed
+ * peer module
+  * `multi_acct`
+* The following input variables have been changed:
+ * az module
+  * `az (string, required)` -> `azs (list, optional)`
+  * `dmz_cidr (string, required)` -> `dmz_cidrs (list, optional)`
+  * `lan_cidr (string, required)` -> `lan_cidrs (list, optional)`
+  * `vgw_ids (string, optional` - > `vgw_ids (list, optional)`
+ * dhcp module
+  * `name_servers (string, optional)` -> `name_servers (list, optional)`
+  * `netbios_name_servers (string, optional)` -> `netbios_name_servers (list, optional)`
+  * `ntp_servers (string, optional)` -> `ntp_servers (list, optional)`
+ * peer module
+  * `peer_owner_id (string, required)` -> `accepter_owner_id (string, optional)`
+  * `peer_vpc_id (string, required)` -> `accepter_vpc_id (string, optional)`
+  * `vpc_id (string, required)` -> `requester_vpc_id (string, optional)`
+* The following output variables have been changed:
+ * az module
+  * `dmz_cidr (string)` -> `dmz_cidrs (string)`
+  * `dmz_id (string)` -> `dmz_ids (string)`
+  * `eip_nat_id (string)` -> `eip_nat_ids (string)`
+  * `eip_nat_ip (string)` -> `eip_nat_ips (string)`
+  * `lan_id (string)` -> `lan_ids (string)`
+  * `lan_cidr (string)` -> `lan_cidrs (string)`
+  * `nat_id (string)` -> `nat_ids (string)`
+ * base module
+  * `dmz_subnet_id (string)` -> `dmz_subnet_ids (string)`
+  * `lan_subnet_id (string)` -> `lan_subnet_ids (string)`
+  * `lan_rt_id (string)` -> `lan_rt_ids (string)`
+
+#### IMPROVEMENTS / NEW FEATURES:
+* Added conditional support for the following parameters:
+ * az module
+  * `azs`
+  * `dmz_cidrs`
+  * `enable_dmz_public_ips`
+  * `nat_key_name`
+ * base module
+  * `enable_classiclink`
+  * `enable_dns`
+  * `enable_hostnames`
+  * `instance_tenancy`
+ * peer module
+  * `accepter_allow_clasic_link_to_remote`
+  * `accepter_allow_to_remote_classic_link`
+  * `accepter_auto_accept`
+  * `requester_allow_clasic_link_to_remote`
+  * `requester_allow_to_remote_classic_link`
+ * vpg module
+  * `availability_zone`
+
+* Added support for AZ auto-provisioning.
+* Re-enabled support for EC2 based NATs.
+* Added conditional support for EIPs with EC2 based NATs.
 
 ## 0.2.5 (October 7, 2016)
 

README.md

@@ -9,7 +9,7 @@ Module stack that supports full AWS VPC deployment.  Users can provision a basic
 
 ## Requirements ##
 
-- Terraform 0.6.16 or newer
+- Terraform 0.8.0 or newer
 - AWS provider
 
 ## Base Module ##
@@ -35,11 +35,11 @@ The Base module provisions the VPC, attaches an Internet Gateway, and creates NA
 module "vpc_base" {
   source = "github.com/unifio/terraform-aws-vpc?ref=master//base"
 
-  enable_dns          = true
-  enable_hostnames    = false
-  stack_item_fullname = "Stack Item Description"
-  stack_item_label    = "mystack1"
-  vpc_cidr            = "10.10.0.0/22"
+  enable_dns          = "true"
+  enable_hostnames    = "false"
+  stack_item_fullname = "My Stack"
+  stack_item_label    = "mystck"
+  vpc_cidr            = "172.16.0.0/21"
 }
 ```
 
@@ -74,12 +74,12 @@ module "dhcp" {
   source = "github.com/terraform-aws-vpc?ref=master//dhcp"
 
   domain_name          = "mydomain.com"
-  name_servers         = "10.128.8.10"
-  netbios_name_servers = "10.128.8.10"
+  name_servers         = ["172.16.0.2"]
+  netbios_name_servers = ["172.16.0.2"]
   netbios_node_type    = 2
-  ntp_servers          = "10.128.8.10"
-  stack_item_fullname  = "myname"
-  stack_item_label     = "mystack1"
+  ntp_servers          = ["172.16.0.2"]
+  stack_item_fullname  = "My Stack"
+  stack_item_label     = "mystck"
   vpc_id               = "${module.vpc_base.vpc_id}"
 }
 ```
@@ -96,8 +96,8 @@ Creates a VPC VPN Gateway
 
 - `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
 - `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
-- `vpc_attach` - Specifies whether the VPG should be associated with a VPC. Valid value: 0 or 1. Defaults to 0 (unattached).
-- `vpc_id` - The VPC to associate the VPG with.
+- `vpc_attach` - (Optional) Specifies whether the VPG should be associated with a VPC.
+- `vpc_id` - (Optional) The VPC to associate the VPG with.
 
 ### Usage
 
@@ -107,8 +107,8 @@ The usage examples may assume that previous modules in this stack have already b
 module "vpg" {
   source = "github.com/terraform-aws-vpc?ref=master//vpg"
 
-  stack_item_fullname = "Stack Item Description"
-  stack_item_label    = "mystack1"
+  stack_item_fullname = "My Stack"
+  stack_item_label    = "mystck"
   vpc_attach          = 1
   vpc_id              = "${module.vpc_base.vpc_id}"
 }
@@ -124,14 +124,18 @@ In each Availability Zone provided, this module provisions subnets and routing t
 
 ### Input Variables ###
 
-- `az` - Availability zone(s).  Will accept a comma delimited string.
-- `dmz_cidr` - The CIDR block(s) you want the DMZ subnet(s) to cover.  Will accept a comma delimited string.  This list should correspond 1:1 to each AZ.
-- `enable_dmz_public_ips` - (Optional) Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address.  Defaults to true.
-- `lan_cidr` - The CIDR block(s) you want the LAN subnet(s) to cover.  Will accept a comma delimited string.  This list should correspond 1:1 to each AZ.
-- `lans_per_az` - (Optional) The number of private LAN subnets to be provisioned per AZ.  You will need to double the CIDR blocks specified in the `lan_cidr` variable for each increase in this value.  Defaults to 1.
-- `region` - The AWS region.
+- `azs_provisioned` - (Optional) The number of availability zones to be provisioned. Either this or **azs\_provisioned\_override** must be specified.
+- `azs_provisioned_override` - List of availability zone letters to be provisioned. Useful in regions where not all AZs are VPC ready. Either this or **azs_provisioned** must be specified.
+- `dmz_cidrs` - (Optional) The CIDR block(s) you want the DMZ subnet(s) to cover.
+- `enable_dmz_public_ips` - (Optional) Specify true to indicate that instances launched into the DMZ subnet should be assigned a public IP address.
+- `lan_cidrs` - (Optional) The CIDR block(s) you want the LAN subnet(s) to cover.
+- `lans_per_az` - (Optional) The number of private LAN subnets to be provisioned per AZ. Auto-provisioning will support up to 2 LANs without the need for overrides.
+- `nat_ami_override` - (Optional) Custom NAT Amazon machine image.
+- `nat_eips_enabled` - (Optional) Flag for specifying allocation of Elastic IPs to NATs for the purposes of whitelisting. This value is overriden to 'true' when utilizing NAT gateways.
+- `nat_gateways_enabled` - (Optional) Flag for specifying utilization of managed NAT gateways over EC2 based NAT instances.
+- `nat_instance_type` - (Default: t2.nano) NAT EC2 instance type.
+- `nat_key_name` - (Optional) NAT EC2 key pair name.
 - `rt_dmz_id` - The ID of the DMZ routing table.
-- `rt_vgw_prop` - (Optional) Specifies whether virtual gateway route propagation should be enabled on the routing table(s). Valid values: 0 or 1. Defaults to 0 (disabled).
 - `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
 - `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
 - `vgw_ids` - (Optional) A list of virtual gateways to associate with the routing tables for route propagation.
@@ -145,48 +149,47 @@ The usage examples may assume that previous modules in this stack have already b
 module "az" {
   source = "github.com/unifio/terraform-aws-vpc?ref=master//az"
 
-  az                    = "a,b"
-  dmz_cidr              = "10.10.0.0/25,10.10.0.128/25,10.10.1.0/25"
-  enable_dmz_public_ips = true
-  lan_cidr              = "10.10.2.0/25,10.10.2.128/25,10.10.3.0/25"
-  lans_per_az           = "1"
-  region                = "us-west-2"
+  azs_provisioned       = 2
+  enable_dmz_public_ips = "true"
   rt_dmz_id             = "${module.vpc_base.rt_dmz_id}"
-  rt_vgw_prop           = 1
-  stack_item_fullname   = "Stack Item Description"
-  stack_item_label      = "mystack1"
+  stack_item_fullname   = "My Stack"
+  stack_item_label      = "mystck"
   vgw_ids               = "${aws_vpn_gateway.vpg.id}"
-  vpc_id                = "${module.vpc_base.vpc_id}" 
+  vpc_id                = "${module.vpc_base.vpc_id}"
 }
 ```
 
 ### Outputs ###
 
 ** The order and association of the IDs match the order of the availability zones passed to the module.
 
-- `dmz_id` - List of subnet IDs of the DMZ subnetworks.
-- `lan_id` - List of subnet IDs of the LAN subnetworks.
-- `dmz_cidr` - List of subnet CIDR blocks of the DMZ subnetworks.
-- `lan_cidr` - List of subnet CIDR blocks of the LAN subnetworks.
-- `eip_nat_id` - List of Elastic IP IDs for each of the NAT gateways.
-- `nat_id` - List of NAT gateways IDs.
-- `eip_nat_ip` - List of NAT gateway public IPs.
-- `rt_lan_id` - List of routing table IDs for the LAN subnets.
+- `dmz_ids` - Comma-delimeted list of subnet IDs of the DMZ subnetworks.
+- `lan_ids` - Comma-delimeted list of subnet IDs of the LAN subnetworks.
+- `dmz_cidrs` - Comma-delimeted list of subnet CIDR blocks of the DMZ subnetworks.
+- `lan_cidrs` - Comma-delimeted list of subnet CIDR blocks of the LAN subnetworks.
+- `eip_nat_ids` - Comma-delimeted list of Elastic IP IDs for each of the NAT gateways.
+- `nat_ids` - Comma-delimeted list of NAT gateways IDs.
+- `eip_nat_ips` - Comma-delimeted list of NAT gateway public IPs.
+- `rt_lan_ids` - Comma-delimeted list of routing table IDs for the LAN subnets.
 
 ## Peer Module ##
 
 Creates a VPC peering connection
 
 ### Input Variables
 
+- `accepter_allow_classic_link_to_remote` - Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC.
 - `accepter_allow_remote_dns` - Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC.
-- `multi_acct` - Flag indicating whether the peering connection spans multiple AWS accounts.
-- `peer_owner_id` - The AWS account ID of the owner of the peer VPC.
-- `peer_vpc_id` - The ID of the VPC with which you are creating the VPC Peering Connection.
-- `requester_allow_remote_dns` - Allow requester VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the accepter VPC.
+- `accepter_allow_to_remote_classic_link` - Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection.
+- `accepter_auto_accept` - Accept the peering (both VPCs need to be in the same AWS account).
+- `accepter_owner_id` - The AWS account ID of the owner of the peer VPC.
+- `accepter_vpc_id` - The ID of the VPC with which you are creating the VPC Peering Connection.
+- `requester_allow_classic_link_to_remote` - Allow a local linked EC2-Classic instance to communicate with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection to the remote VPC.
+- `requester_allow_remote_dns` - Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC.
+- `requester_allow_to_remote_classic_link` - Allow a local VPC to communicate with a linked EC2-Classic instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink connection.
+- `requester_vpc_id` - The ID of the requester VPC.
 - `stack_item_fullname` - Long form descriptive name for this stack item.  This value is used to create the "application" resource tag for resources created by this stack item.
 - `stack_item_label` - Short form identifier for this stack.  This value is used to create the "Name" resource tag for resources created by this stack item, and also serves as a unique key for re-use.
-- `vpc_id` - The ID of the requester VPC.
 
 ### Usage
 
@@ -196,13 +199,13 @@ The usage examples may assume that previous modules in this stack have already b
 module "vpc_peer" {
   source = "github.com/terraform-aws-vpc?ref=master//peer"
 
-  accepter_allow_remote_dns  = false
-  peer_owner_id              = "${var.peer_owner_id}"
-  peer_vpc_id                = "${var.peer_vpc_id}"
-  requester_allow_remote_dns = true
+  accepter_allow_remote_dns  = "false"
+  accepter_owner_id          = "${var.peer_owner_id}"
+  accepter_vpc_id            = "${var.peer_vpc_id}"
+  requester_allow_remote_dns = "true"
+  requester_vpc_id           = "${var.owner_vpc_id}"
   stack_item_fullname        = "${var.stack_item_fullname}"
   stack_item_label           = "${var.stack_item_label}"
-  vpc_id                     = "${var.owner_vpc_id}"
 }
 ```
 

Rakefile

@@ -1,53 +1,4 @@
 require 'rake'
-require 'dotenv'
-
-Dotenv.load(".env")
-
-task :default => :verify
-
-desc "Verify the stack"
-task :verify do
-
-  %w(basic full_stack).each do |stack|
-    task_args = {:stack => stack, :tf_img => ENV['TF_IMG'], :tf_cmd => ENV['TF_CMD']}
-    Rake::Task['clean'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
-    Rake::Task['check_style'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
-    Rake::Task['get'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
-    Rake::Task['plan'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
-  end
-end
-
-desc "Remove existing local state if present"
-task :clean, [:stack] do |t, args|
-  sh "cd examples/#{args['stack']} && rm -fr .terraform *.tfstate*"
-end
-
-desc "Check style"
-task :check_style, [:stack, :tf_img, :tf_cmd] do |t, args|
-  sh "[ $(#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} fmt -write=false | wc -l) -eq 0 ]"
-end
-
-desc "Create execution plan"
-task :plan, [:stack, :tf_img, :tf_cmd] do |t, args|
-  sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} plan -module-depth=-1 -input=false -var-file /data/examples/#{args['stack']}.tfvars"
-end
-
-desc "Get modules"
-task :get, [:stack, :tf_img, :tf_cmd] do |t, args|
-  sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} get"
-end
-
-desc "Get output"
-task :output, [:stack, :tf_img, :tf_cmd, :output] do |t, args|
-  sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} output #{args['output']}"
-end
-
-desc "Apply stack"
-task :apply, [:stack, :tf_img, :tf_cmd, :var_file] do |t, args|
-  sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} apply -var-file /data/examples/#{args['var_file']}"
-end
-
-desc "Destroy stack"
-task :destroy, [:stack, :tf_img, :tf_cmd, :var_file] do |t, args|
-  sh "#{args['tf_cmd']} -v `pwd`:/data -w /data/examples/#{args['stack']} #{args['tf_img']} destroy -force -var-file /data/examples/#{args['var_file']}"
-end
+require 'covalence/environment_tasks'
+require 'covalence/packer_tasks'
+require 'covalence/spec_tasks'