Add option to specify epg nd ra prefix policy

netascode · Nov 11, 2023 · 8228a83 · 8228a83
1 parent 309085e
commit 8228a83
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 20 deletions.
diff --git a/aci_tenants.tf b/aci_tenants.tf
@@ -297,18 +297,19 @@ locals {
             application_profile = try(master.application_profile, "${ap.name}${local.defaults.apic.tenants.application_profiles.name_suffix}")
           }]
           subnets = [for subnet in try(epg.subnets, []) : {
-            description        = try(subnet.description, "")
-            ip                 = subnet.ip
-            public             = try(subnet.public, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.public)
-            shared             = try(subnet.shared, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.shared)
-            igmp_querier       = try(subnet.igmp_querier, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.igmp_querier)
-            nd_ra_prefix       = try(subnet.nd_ra_prefix, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.nd_ra_prefix)
-            no_default_gateway = try(subnet.no_default_gateway, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.no_default_gateway)
-            next_hop_ip        = try(subnet.next_hop_ip, "")
-            anycast_mac        = try(subnet.anycast_mac, "")
-            nlb_group          = try(subnet.nlb_group, "0.0.0.0")
-            nlb_mac            = try(subnet.nlb_mac, "00:00:00:00:00:00")
-            nlb_mode           = try(subnet.nlb_mode, "")
+            description         = try(subnet.description, "")
+            ip                  = subnet.ip
+            public              = try(subnet.public, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.public)
+            shared              = try(subnet.shared, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.shared)
+            igmp_querier        = try(subnet.igmp_querier, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.igmp_querier)
+            nd_ra_prefix        = try(subnet.nd_ra_prefix, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.nd_ra_prefix)
+            no_default_gateway  = try(subnet.no_default_gateway, local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.no_default_gateway)
+            nd_ra_prefix_policy = try("${subnet.nd_ra_prefix_policy}${local.defaults.apic.tenants.policies.nd_ra_prefix_policies.name_suffix}", "")
+            next_hop_ip         = try(subnet.next_hop_ip, "")
+            anycast_mac         = try(subnet.anycast_mac, "")
+            nlb_group           = try(subnet.nlb_group, "0.0.0.0")
+            nlb_mac             = try(subnet.nlb_mac, "00:00:00:00:00:00")
+            nlb_mode            = try(subnet.nlb_mode, "")
             ip_pools = [for pool in try(subnet.ip_pools, []) : {
               name              = "${pool.name}${local.defaults.apic.tenants.application_profiles.endpoint_groups.subnets.ip_pools.name_suffix}"
               start_ip          = try(pool.start_ip, "")

diff --git a/modules/terraform-aci-endpoint-group/README.md b/modules/terraform-aci-endpoint-group/README.md
@@ -139,7 +139,7 @@ module "aci_endpoint_group" {
 | <a name="input_contract_intra_epgs"></a> [contract\_intra\_epgs](#input\_contract\_intra\_epgs) | List of intra-EPG contracts. | `list(string)` | `[]` | no |
 | <a name="input_contract_masters"></a> [contract\_masters](#input\_contract\_masters) | List of EPG contract masters. | <pre>list(object({<br>    endpoint_group      = string<br>    application_profile = optional(string, "")<br>  }))</pre> | `[]` | no |
 | <a name="input_physical_domains"></a> [physical\_domains](#input\_physical\_domains) | List of physical domains. | `list(string)` | `[]` | no |
-| <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets. Default value `public`: `false`. Default value `shared`: `false`. Default value `igmp_querier`: `false`. Default value `nd_ra_prefix`: `true`. Default value `no_default_gateway`: `false`. `nlb_mode` allowed values: `mode-mcast-igmp`, `mode-uc` or `mode-mcast-static`. | <pre>list(object({<br>    description        = optional(string, "")<br>    ip                 = string<br>    public             = optional(bool, false)<br>    shared             = optional(bool, false)<br>    igmp_querier       = optional(bool, false)<br>    nd_ra_prefix       = optional(bool, true)<br>    no_default_gateway = optional(bool, false)<br>    ip_pools = optional(list(object({<br>      name              = string<br>      start_ip          = optional(string, "")<br>      end_ip            = optional(string, "")<br>      dns_search_suffix = optional(string, "")<br>      dns_server        = optional(string, "")<br>      dns_suffix        = optional(string, "")<br>      wins_server       = optional(string, "")<br>    })), [])<br>    next_hop_ip = optional(string, "")<br>    anycast_mac = optional(string, "")<br>    nlb_group   = optional(string, "0.0.0.0")<br>    nlb_mac     = optional(string, "00:00:00:00:00:00")<br>    nlb_mode    = optional(string, "")<br>  }))</pre> | `[]` | no |
+| <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets. Default value `public`: `false`. Default value `shared`: `false`. Default value `igmp_querier`: `false`. Default value `nd_ra_prefix`: `true`. Default value `no_default_gateway`: `false`. `nlb_mode` allowed values: `mode-mcast-igmp`, `mode-uc` or `mode-mcast-static`. | <pre>list(object({<br>    description         = optional(string, "")<br>    ip                  = string<br>    public              = optional(bool, false)<br>    shared              = optional(bool, false)<br>    igmp_querier        = optional(bool, false)<br>    nd_ra_prefix        = optional(bool, true)<br>    no_default_gateway  = optional(bool, false)<br>    nd_ra_prefix_policy = optional(string, "")<br>    ip_pools = optional(list(object({<br>      name              = string<br>      start_ip          = optional(string, "")<br>      end_ip            = optional(string, "")<br>      dns_search_suffix = optional(string, "")<br>      dns_server        = optional(string, "")<br>      dns_suffix        = optional(string, "")<br>      wins_server       = optional(string, "")<br>    })), [])<br>    next_hop_ip = optional(string, "")<br>    anycast_mac = optional(string, "")<br>    nlb_group   = optional(string, "0.0.0.0")<br>    nlb_mac     = optional(string, "00:00:00:00:00:00")<br>    nlb_mode    = optional(string, "")<br>  }))</pre> | `[]` | no |
 | <a name="input_vmware_vmm_domains"></a> [vmware\_vmm\_domains](#input\_vmware\_vmm\_domains) | List of VMware VMM domains. Default value `u_segmentation`: `false`. Default value `netflow`: `false`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `lazy`. Choices `resolution_immediacy`: `immediate`, `lazy`, `pre-provision`. Default value `resolution_immediacy`: `immediate`. Default value `allow_promiscuous`: `false`. Default value `forged_transmits`: `false`. Default value `mac_changes`: `false`. | <pre>list(object({<br>    name                 = string<br>    u_segmentation       = optional(bool, false)<br>    delimiter            = optional(string, "")<br>    vlan                 = optional(number)<br>    primary_vlan         = optional(number)<br>    secondary_vlan       = optional(number)<br>    netflow              = optional(bool, false)<br>    deployment_immediacy = optional(string, "lazy")<br>    resolution_immediacy = optional(string, "immediate")<br>    allow_promiscuous    = optional(bool, false)<br>    forged_transmits     = optional(bool, false)<br>    mac_changes          = optional(bool, false)<br>    custom_epg_name      = optional(string, "")<br>    elag                 = optional(string, "")<br>    active_uplinks_order = optional(string, "")<br>    standby_uplinks      = optional(string, "")<br>  }))</pre> | `[]` | no |
 | <a name="input_static_leafs"></a> [static\_leafs](#input\_static\_leafs) | List of static leaf switches. Allowed values `pod_id`: `1` - `255`. Default value `pod_id`: `1`. Allowed values `node_id`: `1` - `4000`. Allowed values `vlan`: `1` - `4096`. Choices `mode`: `regular`, `native`, `untagged`. Default value `mode`: `regular`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `immediate` | <pre>list(object({<br>    pod_id               = optional(number, 1)<br>    node_id              = number<br>    vlan                 = number<br>    mode                 = optional(string, "regular")<br>    deployment_immediacy = optional(string, "immediate")<br>  }))</pre> | `[]` | no |
 | <a name="input_static_ports"></a> [static\_ports](#input\_static\_ports) | List of static ports. Allowed values `node_id`, `node2_id`: `1` - `4000`. Allowed values `fex_id`, `fex2_id`: `101` - `199`. Allowed values `vlan`: `1` - `4096`. Allowed values `pod_id`: `1` - `255`. Default value `pod_id`: `1`. Allowed values `port`: `1` - `127`. Allowed values `sub_port`: `1` - `16`. Allowed values `module`: `1` - `9`. Default value `module`: `1`. Choices `deployment_immediacy`: `immediate`, `lazy`. Default value `deployment_immediacy`: `lazy`. Choices `mode`: `regular`, `native`, `untagged`. Default value `mode`: `regular`. | <pre>list(object({<br>    node_id              = number<br>    node2_id             = optional(number)<br>    fex_id               = optional(number)<br>    fex2_id              = optional(number)<br>    vlan                 = number<br>    pod_id               = optional(number, 1)<br>    port                 = optional(number)<br>    sub_port             = optional(number)<br>    module               = optional(number, 1)<br>    channel              = optional(string)<br>    deployment_immediacy = optional(string, "lazy")<br>    mode                 = optional(string, "regular")<br>  }))</pre> | `[]` | no |
@@ -171,6 +171,7 @@ module "aci_endpoint_group" {
 | [aci_rest_managed.fvRsDomAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsDomAtt_vmm](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsIntraEpg](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
+| [aci_rest_managed.fvRsNdPfxPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsNodeAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsPathAtt_channel](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |
 | [aci_rest_managed.fvRsPathAtt_fex_channel](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource |

diff --git a/modules/terraform-aci-endpoint-group/main.tf b/modules/terraform-aci-endpoint-group/main.tf
@@ -69,6 +69,15 @@ resource "aci_rest_managed" "fvSubnet" {
   }
 }
 
+resource "aci_rest_managed" "fvRsNdPfxPol" {
+  for_each   = { for subnet in var.subnets : subnet.ip => subnet if subnet.nd_ra_prefix_policy != "" }
+  dn         = "${aci_rest_managed.fvSubnet[each.key].dn}/rsNdPfxPol"
+  class_name = "fvRsNdPfxPol"
+  content = {
+    tnNdPfxPolName = each.value.nd_ra_prefix_policy
+  }
+}
+
 resource "aci_rest_managed" "fvCepNetCfgPol" {
   for_each   = { for pool in local.ip_pools_list : pool.id => pool }
   dn         = "${aci_rest_managed.fvSubnet[each.value.subnet_ip].dn}/cepNetCfgPol-${each.value.name}"

diff --git a/modules/terraform-aci-endpoint-group/variables.tf b/modules/terraform-aci-endpoint-group/variables.tf
@@ -221,13 +221,14 @@ variable "physical_domains" {
 variable "subnets" {
   description = "List of subnets. Default value `public`: `false`. Default value `shared`: `false`. Default value `igmp_querier`: `false`. Default value `nd_ra_prefix`: `true`. Default value `no_default_gateway`: `false`. `nlb_mode` allowed values: `mode-mcast-igmp`, `mode-uc` or `mode-mcast-static`."
   type = list(object({
-    description        = optional(string, "")
-    ip                 = string
-    public             = optional(bool, false)
-    shared             = optional(bool, false)
-    igmp_querier       = optional(bool, false)
-    nd_ra_prefix       = optional(bool, true)
-    no_default_gateway = optional(bool, false)
+    description         = optional(string, "")
+    ip                  = string
+    public              = optional(bool, false)
+    shared              = optional(bool, false)
+    igmp_querier        = optional(bool, false)
+    nd_ra_prefix        = optional(bool, true)
+    no_default_gateway  = optional(bool, false)
+    nd_ra_prefix_policy = optional(string, "")
     ip_pools = optional(list(object({
       name              = string
       start_ip          = optional(string, "")
@@ -252,6 +253,13 @@ variable "subnets" {
     error_message = "`description`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `\\`, `!`, `#`, `$`, `%`, `(`, `)`, `*`, `,`, `-`, `.`, `/`, `:`, `;`, `@`, ` `, `_`, `{`, `|`, }`, `~`, `?`, `&`, `+`. Maximum characters: 128."
   }
 
+  validation {
+    condition = alltrue([
+      for s in var.subnets : s.nd_ra_prefix_policy == null || can(regex("^[a-zA-Z0-9_.-]{0,64}$", s.nd_ra_prefix_policy))
+    ])
+    error_message = "`nd_ra_prefix_policy`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `-`. Maximum characters: 64."
+  }
+
   validation {
     condition = alltrue([
       for s in var.subnets : try(contains(["mode-mcast-igmp", "mode-uc", "mode-mcast-static", ""], s.nlb_mode), false)