From 50a029d0fd09d7480f9a1eee108e0557ad8969bc Mon Sep 17 00:00:00 2001 
From: Doug Byrd Date: Tue, 13 Aug 2024 17:22:13 -0400 Subject: [PATCH 1/2] A `terraform-aci-endpoint-ip-tag-policy` A `terraform-aci-endpoint-mac-tag-policy` M defaults.yaml M modules.yaml M .pre-commit-config.yaml Pre-commit test updates --- .pre-commit-config.yaml | 8 +++ README.md | 2 + aci_tenants.tf | 61 ++++++++++++++++++ defaults/modules.yaml | 2 + .../.terraform-docs.yml | 34 ++++++++++ .../README.md | 60 +++++++++++++++++ .../examples/complete/.terraform-docs.yml | 24 +++++++ .../examples/complete/README.md | 28 ++++++++ .../examples/complete/main.tf | 12 ++++ .../examples/complete/versions.tf | 10 +++ .../main.tf | 19 ++++++ .../outputs.tf | 4 ++ .../variables.tf | 48 ++++++++++++++ .../versions.tf | 11 ++++ .../.terraform-docs.yml | 34 ++++++++++ .../README.md | 62 ++++++++++++++++++ .../examples/complete/.terraform-docs.yml | 24 +++++++ .../examples/complete/README.md | 29 +++++++++ .../examples/complete/main.tf | 13 ++++ .../examples/complete/versions.tf | 10 +++ .../main.tf | 21 ++++++ .../outputs.tf | 4 ++ .../variables.tf | 64 +++++++++++++++++++ .../versions.tf | 11 ++++ 24 files changed, 595 insertions(+) create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/.terraform-docs.yml create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/README.md create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/main.tf create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/versions.tf create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/main.tf create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/outputs.tf create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/variables.tf create mode 100644 modules/terraform-aci-endpoint-ip-tag-policy/versions.tf create mode 100644 
modules/terraform-aci-endpoint-mac-tag-policy/.terraform-docs.yml create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/README.md create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/main.tf create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/versions.tf create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/main.tf create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/outputs.tf create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/variables.tf create mode 100644 modules/terraform-aci-endpoint-mac-tag-policy/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ac2f2b11..cf8f8042 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -209,6 +209,14 @@ repos: args: ["./modules/terraform-aci-endpoint-security-group"] - id: terraform-docs-system args: ["./modules/terraform-aci-endpoint-security-group/examples/complete"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-endpoint-ip-tag-policy"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-endpoint-ip-tag-policy/examples/complete"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-endpoint-mac-tag-policy"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-endpoint-mac-tag-policy/examples/complete"] - id: terraform-docs-system args: ["./modules/terraform-aci-error-disabled-recovery"] - id: terraform-docs-system diff --git a/README.md b/README.md index 922f01ca..2c0e3b16 100644 --- a/README.md +++ b/README.md 
@@ -190,7 +190,9 @@ Additional example repositories: | [aci\_dns\_policy](#module\_aci\_dns\_policy) | ./modules/terraform-aci-dns-policy | n/a | | [aci\_eigrp\_interface\_policy](#module\_aci\_eigrp\_interface\_policy) | ./modules/terraform-aci-eigrp-interface-policy | n/a | | [aci\_endpoint\_group](#module\_aci\_endpoint\_group) | ./modules/terraform-aci-endpoint-group | n/a | +| [aci\_endpoint\_ip\_tag\_policy](#module\_aci\_endpoint\_ip\_tag\_policy) | ./modules/terraform-aci-endpoint-ip-tag-policy | n/a | | [aci\_endpoint\_loop\_protection](#module\_aci\_endpoint\_loop\_protection) | ./modules/terraform-aci-endpoint-loop-protection | n/a | +| [aci\_endpoint\_mac\_tag\_policy](#module\_aci\_endpoint\_mac\_tag\_policy) | ./modules/terraform-aci-endpoint-mac-tag-policy | n/a | | [aci\_endpoint\_security\_group](#module\_aci\_endpoint\_security\_group) | ./modules/terraform-aci-endpoint-security-group | n/a | | [aci\_error\_disabled\_recovery](#module\_aci\_error\_disabled\_recovery) | ./modules/terraform-aci-error-disabled-recovery | n/a | | [aci\_external\_connectivity\_policy](#module\_aci\_external\_connectivity\_policy) | ./modules/terraform-aci-external-connectivity-policy | n/a | diff --git a/aci_tenants.tf b/aci_tenants.tf index 3ca7fc6d..fb2ac4e6 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf 
@@ -3499,4 +3499,65 @@ module "aci_track_member" { scope_type = each.value.scope_type scope = each.value.scope ip_sla_policy = each.value.ip_sla_policy +} + +locals { + ep_mac_tags = flatten([ + for tenant in local.tenants : [ + for policy in try(tenant.policies.endpoint_mac_tags, []) : { + key = format("%s/%s/%s", tenant.name, policy.mac, policy.bridge_domain) + tenant = tenant.name + mac = upper(policy.mac) + bridge_domain = policy.bridge_domain == "all" ? "*" : policy.bridge_domain + vrf = policy.bridge_domain == "all" ? policy.vrf : null + tags = try(policy.tags, []) + } + ] + ]) +} + +module "aci_endpoint_mac_tag_policy" { + source = "./modules/terraform-aci-endpoint-mac-tag-policy" + + for_each = { for pol in local.ep_mac_tags : pol.key => pol if local.modules.aci_endpoint_mac_tag_policy && var.manage_tenants } + tenant = each.value.tenant + mac = each.value.mac + bridge_domain = each.value.bridge_domain + vrf = try(each.value.vrf, null) + tags = each.value.tags + + depends_on = [ + module.aci_tenant, + module.aci_vrf, + module.aci_bridge_domain + ] +} + +locals { + ep_ip_tags = flatten([ + for tenant in local.tenants : [ + for policy in try(tenant.policies.endpoint_ip_tags, []) : { + key = format("%s/%s/%s", tenant.name, policy.vrf, policy.ip) + ip = policy.ip + tenant = tenant.name + vrf = policy.vrf + tags = try(policy.tags, []) + } + ] + ]) +} + +module "aci_endpoint_ip_tag_policy" { + source = "./modules/terraform-aci-endpoint-ip-tag-policy" + + for_each = { for pol in local.ep_ip_tags : pol.key => pol if local.modules.aci_endpoint_ip_tag_policy && var.manage_tenants } + ip = each.value.ip + tenant = each.value.tenant + vrf = each.value.vrf + tags = each.value.tags + + depends_on = [ + module.aci_tenant, + module.aci_vrf, + ] } \ No newline at end of file diff --git a/defaults/modules.yaml b/defaults/modules.yaml index 47a1d357..7f940fb4 100644 --- a/defaults/modules.yaml +++ b/defaults/modules.yaml 
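Review bot: In `local.ep_mac_tags` the `for_each` key is built from the raw `policy.mac` while the `mac` attribute is `upper(policy.mac)`, so two inventory entries for the same address that differ only in letter case get distinct keys but resolve to the same `fvEpMacTag` DN. Two module instances would then manage one APIC object, and removing either entry would delete the tag that the other still declares; if these tags drive ESG tag selectors, that is a classification change rather than harmless drift. Build the key from the normalised value: `key = format("%s/%s/%s", tenant.name, upper(policy.mac), policy.bridge_domain)`. The `ep_ip_tags` key has the same exposure for `policy.ip`, since equivalent IPv6 spellings are not normalised before being used as a key.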
@@ -46,6 +46,8 @@ modules: aci_useg_endpoint_group: true aci_endpoint_loop_protection: true aci_endpoint_security_group: true + aci_endpoint_mac_tag_policy: true + aci_endpoint_ip_tag_policy: true aci_eigrp_interface_policy: true aci_error_disabled_recovery: true aci_external_connectivity_policy: true diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/.terraform-docs.yml b/modules/terraform-aci-endpoint-ip-tag-policy/.terraform-docs.yml new file mode 100644 index 00000000..6081ccc5 --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/.terraform-docs.yml @@ -0,0 +1,34 @@ +version: '>= 0.14.0' + +formatter: markdown table + +content: |- + # Endpoint IP Tag Module + + Manages Endpoint IP Tags + + Location in GUI: + `Tenants` » `XXX` » `Policies` » `Endpoint Tags` » `Endpoint IP` + + ## Examples + + ```hcl + {{ include "./examples/complete/main.tf" }} + ``` + + {{ .Requirements }} + + {{ .Providers }} + + {{ .Inputs }} + + {{ .Outputs }} + + {{ .Resources }} + +output: + file: README.md + mode: replace + +sort: + enabled: false diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/README.md b/modules/terraform-aci-endpoint-ip-tag-policy/README.md new file mode 100644 index 00000000..f301d169 --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/README.md 
@@ -0,0 +1,60 @@ + +# Endpoint IP Tag Module + +Manages Endpoint IP Tags + +Location in GUI: +`Tenants` » `XXX` » `Policies` » `Endpoint Tags` » `Endpoint IP` + +## Examples + +```hcl +module "aci_endpoint_ip_tag_policy" { + source = "netascode/nac-aci/aci//modules/terraform-aci-endpoint-ip-tag-policy" + version = ">= 0.8.0" + + ip = "1.1.1.1" + tenant = "TEN1" + vrf = "TEN1-VRF" + tags = [{ + key = "Environment" + value = "PROD" + }] +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0 | +| [aci](#requirement\_aci) | >= 2.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aci](#provider\_aci) | >= 2.0.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [ip](#input\_ip) | IP address. | `string` | n/a | yes | +| [tenant](#input\_tenant) | Tenant Name. | `string` | n/a | yes | +| [vrf](#input\_vrf) | VRF Name. | `string` | `null` | no | +| [tags](#input\_tags) | Policy Tags |
list(object({
key = string
value = string
}))
| `[]` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [dn](#output\_dn) | Distinguised name of `fvEpIpTag` object. | + +## Resources + +| Name | Type | +|------|------| +| [aci_rest_managed.fvEpIpTag](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.tagTag](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | + \ No newline at end of file diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml new file mode 100644 index 00000000..383cfaee --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml @@ -0,0 +1,24 @@ +version: '>= 0.14.0' + +formatter: markdown table + +content: |- + # Ednpoint IP Tag Example + + To run this example you need to execute: + + ```bash + $ terraform init + $ terraform plan + $ terraform apply + ``` + + Note that this example will create resources. Resources can be destroyed with `terraform destroy`. + + ```hcl + {{ include "./main.tf" }} + ``` + +output: + file: README.md + mode: replace diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md new file mode 100644 index 00000000..c7e55128 --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md 
@@ -0,0 +1,28 @@ + +# Ednpoint IP Tag Example + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example will create resources. Resources can be destroyed with `terraform destroy`. + +```hcl +module "aci_endpoint_ip_tag_policy" { + source = "netascode/nac-aci/aci//modules/terraform-aci-endpoint-ip-tag-policy" + version = ">= 0.8.0" + + ip = "1.1.1.1" + tenant = "TEN1" + vrf = "TEN1-VRF" + tags = [{ + key = "Environment" + value = "PROD" + }] +} +``` + \ No newline at end of file diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/main.tf b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/main.tf new file mode 100644 index 00000000..0d14c17f --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/main.tf @@ -0,0 +1,12 @@ +module "aci_endpoint_ip_tag_policy" { + source = "netascode/nac-aci/aci//modules/terraform-aci-endpoint-ip-tag-policy" + version = ">= 0.8.0" + + ip = "1.1.1.1" + tenant = "TEN1" + vrf = "TEN1-VRF" + tags = [{ + key = "Environment" + value = "PROD" + }] +} \ No newline at end of file diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/versions.tf b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/versions.tf new file mode 100644 index 00000000..f8585f84 --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.0" + + required_providers { + aci = { + source = "CiscoDevNet/aci" + version = ">= 2.0.0" + } + } +} diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/main.tf b/modules/terraform-aci-endpoint-ip-tag-policy/main.tf new file mode 100644 index 00000000..e54a62a9 --- /dev/null +++ b/modules/terraform-aci-endpoint-ip-tag-policy/main.tf 
@@ -0,0 +1,19 @@
+resource "aci_rest_managed" "fvEpIpTag" {
+ dn = "uni/tn-${var.tenant}/eptags/epiptag-[${var.ip}]-${var.vrf}"
+ class_name = "fvEpIpTag"
+
+ content = {
+ ip = var.ip
+ ctxName = var.vrf
+ }
+}
+
+resource "aci_rest_managed" "tagTag" {
+ for_each = { for tag in var.tags : "${tag.key}/${tag.value}" => tag }
+ dn = "${aci_rest_managed.fvEpIpTag.dn}/tagKey-${each.value.key}"
+ class_name = "tagTag"
+ content = {
+ key = each.value.key
+ value = each.value.value
+ }
+}
diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/outputs.tf b/modules/terraform-aci-endpoint-ip-tag-policy/outputs.tf
new file mode 100644
index 00000000..089c371f
--- /dev/null
+++ b/modules/terraform-aci-endpoint-ip-tag-policy/outputs.tf
@@ -0,0 +1,4 @@
+output "dn" {
+ value = aci_rest_managed.fvEpIpTag.id
+ description = "Distinguised name of `fvEpIpTag` object."
+}
\ No newline at end of file
diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/variables.tf b/modules/terraform-aci-endpoint-ip-tag-policy/variables.tf
new file mode 100644
index 00000000..1872967b
--- /dev/null
+++ b/modules/terraform-aci-endpoint-ip-tag-policy/variables.tf
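Review bot: In `modules/terraform-aci-endpoint-ip-tag-policy/main.tf`, `tagTag` is keyed by `"${tag.key}/${tag.value}"` but its `dn` ends in `tagKey-${each.value.key}` only, so two list entries with the same key and different values become two resources pointing at one DN. Which value ends up on the APIC then depends on apply order, which matters if the tag decides security-group membership. Key the map by the tag key so duplicates fail at plan time: `for_each = { for tag in var.tags : tag.key => tag }`. The `tagTag` resource in the MAC tag module's `main.tf` is built the same way and needs the same change.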
@@ -0,0 +1,48 @@
+variable "ip" {
+ description = "IP address."
+ type = string
+}
+
+variable "tenant" {
+ description = "Tenant Name."
+ type = string
+
+ validation {
+ condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.tenant))
+ error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+}
+
+variable "vrf" {
+ description = "VRF Name."
+ type = string
+ default = null
+
+ validation {
+ condition = var.vrf == null || can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.vrf))
+ error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+}
+
+variable "tags" {
+ description = "Policy Tags"
+ type = list(object({
+ key = string
+ value = string
+ }))
+ default = []
+
+ validation {
+ condition = alltrue([
+ for tag in coalesce(var.tags, []) : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", tag.key))
+ ])
+ error_message = "`tags.key`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+
+ validation {
+ condition = alltrue([
+ for tag in coalesce(var.tags, []) : can(regex("^[a-zA-Z0-9_.:-]{0,128}$", tag.value))
+ ])
+ error_message = "`tags.value`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 128."
+ }
+}
diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/versions.tf b/modules/terraform-aci-endpoint-ip-tag-policy/versions.tf
new file mode 100644
index 00000000..9299fb61
--- /dev/null
+++ b/modules/terraform-aci-endpoint-ip-tag-policy/versions.tf
@@ -0,0 +1,11 @@
+
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ aci = {
+ source = "CiscoDevNet/aci"
+ version = ">= 2.0.0"
+ }
+ }
+}
diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/.terraform-docs.yml b/modules/terraform-aci-endpoint-mac-tag-policy/.terraform-docs.yml
new file mode 100644
index 00000000..77fa67f8
--- /dev/null
+++ b/modules/terraform-aci-endpoint-mac-tag-policy/.terraform-docs.yml
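Review bot: `variable "ip"` in the IP tag module's `variables.tf` has no validation block although its value is placed inside the square brackets of the `fvEpIpTag` DN, so a typo or a string containing `]` or `/` is only caught, if at all, by the APIC. A check such as `condition = can(cidrhost("${var.ip}/32", 0)) || can(cidrhost("${var.ip}/128", 0))` would reject non-addresses at plan time, assuming only host addresses are intended here. `vrf` also defaults to `null` while that same DN interpolates `${var.vrf}`; either drop the default so the input is required, or document what an omitted VRF is meant to produce.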
@@ -0,0 +1,34 @@ +version: '>= 0.14.0' + +formatter: markdown table + +content: |- + # Endpoint IP Tag Module + + Manages Endpoint IP Tags + + Location in GUI: + `Tenants` » `XXX` » `Policies` » `Endpoint Tags` » `Endpoint MAC` + + ## Examples + + ```hcl + {{ include "./examples/complete/main.tf" }} + ``` + + {{ .Requirements }} + + {{ .Providers }} + + {{ .Inputs }} + + {{ .Outputs }} + + {{ .Resources }} + +output: + file: README.md + mode: replace + +sort: + enabled: false diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/README.md b/modules/terraform-aci-endpoint-mac-tag-policy/README.md new file mode 100644 index 00000000..8f9a76ef --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/README.md @@ -0,0 +1,62 @@ + +# Endpoint IP Tag Module + +Manages Endpoint IP Tags + +Location in GUI: +`Tenants` » `XXX` » `Policies` » `Endpoint Tags` » `Endpoint MAC` + +## Examples + +```hcl +module "aci_endpoint_mac_tag_policy" { + source = "netascode/nac-aci/aci//modules/terraform-aci-endpoint-mac-tag-policy" + version = ">= 0.8.0" + + tenant = "TEN1" + mac = "AB:CD:EF:DC:BA" + bridge_domain = "all" + vrf = "TEN1-VRF" + tags = [{ + key = "Environment" + value = "PROD" + }] +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0 | +| [aci](#requirement\_aci) | >= 2.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aci](#provider\_aci) | >= 2.0.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [mac](#input\_mac) | MAC address. Format: `12:34:56:78:9A:BC`. | `string` | `"00:22:BD:F8:19:FF"` | no | +| [bridge\_domain](#input\_bridge\_domain) | Bridge domain name. | `string` | n/a | yes | +| [tenant](#input\_tenant) | Tenant Name. | `string` | n/a | yes | +| [vrf](#input\_vrf) | VRF Name. | `string` | `null` | no | +| [tags](#input\_tags) | Policy Tags |
list(object({
key = string
value = string
}))
| `[]` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [dn](#output\_dn) | Distinguised name of `fvEpMacTag` object. | + +## Resources + +| Name | Type | +|------|------| +| [aci_rest_managed.fvEpMacTag](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.tagTag](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | + \ No newline at end of file diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml new file mode 100644 index 00000000..d405bdb9 --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml @@ -0,0 +1,24 @@ +version: '>= 0.14.0' + +formatter: markdown table + +content: |- + # Ednpoint MAC Tag Example + + To run this example you need to execute: + + ```bash + $ terraform init + $ terraform plan + $ terraform apply + ``` + + Note that this example will create resources. Resources can be destroyed with `terraform destroy`. + + ```hcl + {{ include "./main.tf" }} + ``` + +output: + file: README.md + mode: replace diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md new file mode 100644 index 00000000..a937270e --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md 
@@ -0,0 +1,29 @@ + +# Ednpoint MAC Tag Example + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example will create resources. Resources can be destroyed with `terraform destroy`. + +```hcl +module "aci_endpoint_mac_tag_policy" { + source = "netascode/nac-aci/aci//modules/terraform-aci-endpoint-mac-tag-policy" + version = ">= 0.8.0" + + tenant = "TEN1" + mac = "AB:CD:EF:DC:BA" + bridge_domain = "all" + vrf = "TEN1-VRF" + tags = [{ + key = "Environment" + value = "PROD" + }] +} +``` + \ No newline at end of file diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/main.tf b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/main.tf new file mode 100644 index 00000000..1fb85df1 --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/main.tf @@ -0,0 +1,13 @@ +module "aci_endpoint_mac_tag_policy" { + source = "netascode/nac-aci/aci//modules/terraform-aci-endpoint-mac-tag-policy" + version = ">= 0.8.0" + + tenant = "TEN1" + mac = "AB:CD:EF:DC:BA" + bridge_domain = "all" + vrf = "TEN1-VRF" + tags = [{ + key = "Environment" + value = "PROD" + }] +} \ No newline at end of file diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/versions.tf b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/versions.tf new file mode 100644 index 00000000..f8585f84 --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.0" + + required_providers { + aci = { + source = "CiscoDevNet/aci" + version = ">= 2.0.0" + } + } +} diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/main.tf b/modules/terraform-aci-endpoint-mac-tag-policy/main.tf new file mode 100644 index 00000000..37406c93 --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/main.tf 
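Review bot: The example in the MAC tag module's `examples/complete/main.tf` cannot pass the module's own validation: `mac = "AB:CD:EF:DC:BA"` has five octets, while the regex in `variables.tf` requires six. It also passes `bridge_domain = "all"` together with `vrf`, but the module's `main.tf` only treats `"*"` as the wildcard (the `"all"` mapping there is commented out), so as written this would address a bridge domain literally named `all` and leave `ctxName` null. Use a six-octet sample and the value the module accepts, for instance `mac = "AB:CD:EF:DC:BA:98"` (constructed sample) and `bridge_domain = "*"`. The README hunks that embed the same snippet need regenerating afterwards.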
@@ -0,0 +1,21 @@
+resource "aci_rest_managed" "fvEpMacTag" {
+ dn = "uni/tn-${var.tenant}/eptags/epmactag-${var.mac}-[${var.bridge_domain}]"
+ class_name = "fvEpMacTag"
+
+ content = {
+ mac = var.mac
+ # bdName = var.bridge_domain == "all" ? "*" : var.bridge_domain
+ bdName = var.bridge_domain
+ ctxName = var.bridge_domain == "*" ? var.vrf : null
+ }
+}
+
+resource "aci_rest_managed" "tagTag" {
+ for_each = { for tag in var.tags : "${tag.key}/${tag.value}" => tag }
+ dn = "${aci_rest_managed.fvEpMacTag.dn}/tagKey-${each.value.key}"
+ class_name = "tagTag"
+ content = {
+ key = each.value.key
+ value = each.value.value
+ }
+}
diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/outputs.tf b/modules/terraform-aci-endpoint-mac-tag-policy/outputs.tf
new file mode 100644
index 00000000..90f1ebff
--- /dev/null
+++ b/modules/terraform-aci-endpoint-mac-tag-policy/outputs.tf
@@ -0,0 +1,4 @@
+output "dn" {
+ value = aci_rest_managed.fvEpMacTag.id
+ description = "Distinguised name of `fvEpMacTag` object."
+}
\ No newline at end of file
diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/variables.tf b/modules/terraform-aci-endpoint-mac-tag-policy/variables.tf
new file mode 100644
index 00000000..1fb5e11b
--- /dev/null
+++ b/modules/terraform-aci-endpoint-mac-tag-policy/variables.tf
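Review bot: `ctxName` in `fvEpMacTag` is only set when `bridge_domain` is `"*"`, yet nothing requires `vrf` in that case, so a wildcard tag with `vrf` left at its `null` default is sent without a VRF and its scope is left to the APIC. Variable validation cannot reference another variable at the `>= 1.3.0` floor this module declares, so a `precondition` on the resource is the place to enforce the pairing. The commented-out `bdName` line should be removed in the same change, since it describes an `"all"` mapping the module does not perform.
```hcl
resource "aci_rest_managed" "fvEpMacTag" {
  # … unchanged: dn, class_name, content (minus the commented-out bdName line) …

  lifecycle {
    precondition {
      condition     = var.bridge_domain != "*" || var.vrf != null
      error_message = "`vrf` must be set when `bridge_domain` is `*`."
    }
  }
}
```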
@@ -0,0 +1,64 @@
+variable "mac" {
+ description = "MAC address. Format: `12:34:56:78:9A:BC`."
+ type = string
+ default = "00:22:BD:F8:19:FF"
+
+ validation {
+ condition = can(regex("^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$", var.mac))
+ error_message = "Format: `12:34:56:78:9A:BC`."
+ }
+}
+
+variable "bridge_domain" {
+ description = "Bridge domain name."
+ type = string
+
+ validation {
+ condition = var.bridge_domain == "*" || can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.bridge_domain))
+ error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+}
+
+variable "tenant" {
+ description = "Tenant Name."
+ type = string
+
+ validation {
+ condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.tenant))
+ error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+}
+
+variable "vrf" {
+ description = "VRF Name."
+ type = string
+ default = null
+
+ validation {
+ condition = var.vrf == null || can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.vrf))
+ error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+}
+
+variable "tags" {
+ description = "Policy Tags"
+ type = list(object({
+ key = string
+ value = string
+ }))
+ default = []
+
+ validation {
+ condition = alltrue([
+ for tag in coalesce(var.tags, []) : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", tag.key))
+ ])
+ error_message = "`tags.key`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64."
+ }
+
+ validation {
+ condition = alltrue([
+ for tag in coalesce(var.tags, []) : can(regex("^[a-zA-Z0-9_.:-]{0,128}$", tag.value))
+ ])
+ error_message = "`tags.value`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 128."
+ }
+}
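Review bot: `variable "mac"` ships with `default = "00:22:BD:F8:19:FF"`, so a caller that forgets the argument silently creates a tag policy for that specific address instead of getting a plan error. For an identifier that selects which endpoint receives policy tags there is no safe default; remove the `default` line so the input is required, as `ip` is in the IP tag module. The validation also accepts lower-case hex and the module's `main.tf` puts `var.mac` into the DN unchanged, so applying `upper(var.mac)` there would keep one canonical DN per address for callers that do not go through the root module.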
diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/versions.tf b/modules/terraform-aci-endpoint-mac-tag-policy/versions.tf new file mode 100644 index 00000000..9299fb61 --- /dev/null +++ b/modules/terraform-aci-endpoint-mac-tag-policy/versions.tf @@ -0,0 +1,11 @@ + +terraform { + required_version = ">= 1.3.0" + + required_providers { + aci = { + source = "CiscoDevNet/aci" + version = ">= 2.0.0" + } + } +} From 97a1f4546f4d671a036dfad54b3074e7da50348b Mon Sep 17 00:00:00 2001 From: Doug <34190591+therealdoug@users.noreply.github.com> Date: Tue, 13 Aug 2024 21:32:58 +0000 Subject: [PATCH 2/2] Fix Typos --- aci_tenants.tf | 2 +- .../examples/complete/.terraform-docs.yml | 2 +- .../examples/complete/README.md | 2 +- .../examples/complete/.terraform-docs.yml | 2 +- .../examples/complete/README.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/aci_tenants.tf b/aci_tenants.tf index fb2ac4e6..3d345c37 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf @@ -3529,7 +3529,7 @@ module "aci_endpoint_mac_tag_policy" { depends_on = [ module.aci_tenant, module.aci_vrf, - module.aci_bridge_domain + module.aci_bridge_domain, ] } diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml index 383cfaee..fbade2b0 100644 --- a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml +++ b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/.terraform-docs.yml @@ -3,7 +3,7 @@ version: '>= 0.14.0' formatter: markdown table content: |- - # Ednpoint IP Tag Example + # Endpoint IP Tag Example To run this example you need to execute: diff --git a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md index c7e55128..fe220c90 100644 --- a/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md 
+++ b/modules/terraform-aci-endpoint-ip-tag-policy/examples/complete/README.md @@ -1,5 +1,5 @@ -# Ednpoint IP Tag Example +# Endpoint IP Tag Example To run this example you need to execute: diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml index d405bdb9..e23491eb 100644 --- a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml +++ b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/.terraform-docs.yml @@ -3,7 +3,7 @@ version: '>= 0.14.0' formatter: markdown table content: |- - # Ednpoint MAC Tag Example + # Endpoint MAC Tag Example To run this example you need to execute: diff --git a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md index a937270e..f427de63 100644 --- a/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md +++ b/modules/terraform-aci-endpoint-mac-tag-policy/examples/complete/README.md @@ -1,5 +1,5 @@ -# Ednpoint MAC Tag Example +# Endpoint MAC Tag Example To run this example you need to execute: