From 766cbbd7455ac0622d1b6f03bd27c05a42bd9246 Mon Sep 17 00:00:00 2001 From: badra001 Date: Tue, 1 Jun 2021 08:59:59 -0400 Subject: [PATCH] add route tables --- peer/README.md | 4 +++ peer/data.peer.tf | 7 ++-- peer/data.self.tf | 7 ++-- peer/main.tf | 81 ++++++++++++++---------------------------- peer/variables.peer.tf | 6 ++++ peer/variables.self.tf | 6 ++++ 6 files changed, 51 insertions(+), 60 deletions(-) diff --git a/peer/README.md b/peer/README.md index 9deca8d..0421536 100644 --- a/peer/README.md +++ b/peer/README.md @@ -64,6 +64,8 @@ No modules. | Name | Type | |------|------| +| [aws_route.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [aws_route.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | | [aws_vpc_peering_connection.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection) | resource | | [aws_vpc_peering_connection_accepter.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_accepter) | resource | | [aws_arn.peer_current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | @@ -90,6 +92,7 @@ No modules. | [peer\_account\_id](#input\_peer\_account\_id) | Peer AWS Account ID | `string` | `""` | no | | [peer\_nacl\_rule\_number](#input\_peer\_nacl\_rule\_number) | Peer Starting rule number within the rule | `number` | `null` | no | | [peer\_network\_acl\_ids](#input\_peer\_network\_acl\_ids) | Peer VPC Network ACL IDs | `list(string)` | `[]` | no | +| [peer\_route\_table\_filter](#input\_peer\_route\_table\_filter) | Peer VPC route table search filter list (default: services) | `list(string)` |
[
"route-*-services",
"route-*-services-private*"
]
| no | | [peer\_route\_table\_ids](#input\_peer\_route\_table\_ids) | Peer VPC route table IDs (default: all *private* route tables at peer VPC) | `list(string)` | `[]` | no | | [peer\_rule\_increment](#input\_peer\_rule\_increment) | Peer Rule number increment per new CIDR block | `number` | `1` | no | | [peer\_tags](#input\_peer\_tags) | Peer AWS Tags to apply to appropriate resources (default: current var.tags) | `map(string)` | `{}` | no | @@ -100,6 +103,7 @@ No modules. | [peer\_vpc\_index](#input\_peer\_vpc\_index) | Peer VPC index number (integer starting at 1) | `number` | `null` | no | | [peer\_vpc\_name](#input\_peer\_vpc\_name) | Peer VPC name component used through the VPC descrbing its purpose | `string` | `null` | no | | [peer\_vpc\_short\_name](#input\_peer\_vpc\_short\_name) | Peer VPC short name component (vpc{index}) | `string` | `null` | no | +| [route\_table\_filter](#input\_route\_table\_filter) | VPC route table search filter list (default: all private) | `list(string)` |
[
"*-private-*"
]
| no | | [route\_table\_ids](#input\_route\_table\_ids) | Self VPC route table IDs (default: all *private* route tables at self VPC) | `list(string)` | `[]` | no | | [rule\_increment](#input\_rule\_increment) | Rule number increment per new CIDR block | `number` | `1` | no | | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | diff --git a/peer/data.peer.tf b/peer/data.peer.tf index ac69785..2944500 100644 --- a/peer/data.peer.tf +++ b/peer/data.peer.tf @@ -17,12 +17,13 @@ data "aws_vpc" "peer_vpc" { } # defaults to all private and services vpc -# if this doesn't exist, may need to make this use a count parameter data "aws_route_tables" "default_peer_route_tables" { + count = length(var.peer_route_table_ids) > 0 ? 1 : 0 provider = aws.peer vpc_id = var.peer_vpc_id filter { - name = "tag:Name" - values = ["*-private-*", "route-*-services"] + name = "tag:Name" + # values = ["*-private-*", "route-*-services"] + values = var.peer_route_table_filter } } diff --git a/peer/data.self.tf b/peer/data.self.tf index 262d768..1144765 100644 --- a/peer/data.self.tf +++ b/peer/data.self.tf @@ -17,12 +17,13 @@ data "aws_vpc" "self_vpc" { } # defaults to all private and services vpc -# if this doesn't exist, may need to make this use a count parameter data "aws_route_tables" "default_self_route_tables" { + count = length(var.route_table_ids) > 0 ? 1 : 0 provider = aws.self vpc_id = var.vpc_id filter { - name = "tag:Name" - values = ["*-private-*"] + name = "tag:Name" + # values = ["*-private-*"] + values = var.route_table_filter } } diff --git a/peer/main.tf b/peer/main.tf index f5cf51f..64f1e73 100644 --- a/peer/main.tf +++ b/peer/main.tf 
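Review bot: The new `count` on `default_peer_route_tables` is inverted: the lookup is instantiated only when `var.peer_route_table_ids` is non-empty, which is exactly the case in which main.tf does not need it, and it is absent in the default (empty list) case that the README describes as the filter-driven lookup, so the default path has no data to read. It should be `count = length(var.peer_route_table_ids) > 0 ? 0 : 1`, with main.tf indexing the result (`[0]` or a splat). The commented-out `# values = [...]` line is dead now that the old default lives in `var.peer_route_table_filter`; drop it rather than leave two sources of truth. Since every table matched by these `tag:Name` wildcard patterns later receives a route to the self VPC CIDR, a comment above the filter would help, e.g. `# Every table matched here gets a route to the self VPC; keep the patterns narrow (no public tables).`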
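Review bot: `default_self_route_tables` has the same inverted `count` as its peer counterpart: `length(var.route_table_ids) > 0 ? 1 : 0` creates the lookup only when explicit IDs were supplied and leaves it absent when the filter is supposed to be used, which is the default. Flip it to `count = length(var.route_table_ids) > 0 ? 0 : 1`, and drop the dead `# values = ["*-private-*"]` line since the default now lives in `var.route_table_filter`.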
@@ -62,31 +62,11 @@ locals {
 }
 }
-## vpc_info = {
-## name =
-## cidr_block =
-## index =
-## short_name =
-## full_name =
-## environment =
-## }
-## vpc_info = {
-## "vpc_id" = module.vpc.vpc_id
-## "vpc_cidr_block" = local.vpc_cidr_block
-## "vpc_arn" = module.vpc.vpc_arn
-## "vpc_name" = local.vpc_name
-## "vpc_short_name" = local.vpc_short_name
-## "vpc_full_name" = local.vpc_full_name
-## "vpc_environment" = local.vpc_environment
-## "s3_endpoint_id" = module.routing.vpc_endpoint_id_s3
-## "dynanodb_endpoint_id" = module.routing.vpc_endpoint_id_dynamodb
-## }
-## }
-
 locals {
- self_vpc_id = var.vpc_id
- peer_vpc_id = var.peer_vpc_id
+ self_vpc_id = var.vpc_id
+ peer_vpc_id = var.peer_vpc_id
+
 self_vpc_tag_name = data.aws_vpc.self_vpc.tags.Name
 peer_vpc_tag_name = data.aws_vpc.peer_vpc.tags.Name
@@ -99,6 +79,9 @@ locals {
 self_label = format("%v%v %v:%v", local._prefixes["vpc-peer"], var.vpc_full_name, local.peer_account_id, var.peer_vpc_full_name)
 peer_label = format("%v%v %v:%v", local._prefixes["vpc-peer"], var.peer_vpc_full_name, local.self_account_id, var.vpc_full_name)
+ self_route_table_ids = length(var.route_table_ids) > 0 ? var.route_table_ids : data.aws_route_table_ids.default_peer_route_tables.ids
+ peer_route_table_ids = length(var.peer_route_table_ids) > 0 ? var.peer_route_table_ids : data.aws_route_table_ids.default_peer_route_tables.ids
+
 self_tags = merge(
 var.tags,
 local.base_tags,
@@ -120,6 +103,9 @@ locals {
 }
+#---
+# peering connection
+#---
 resource "aws_vpc_peering_connection" "self" {
 provider = aws.self
 vpc_id = local.self_vpc_id
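Review bot: Both new locals in the second hunk reference a data source that does not exist as written: the type is `data.aws_route_table_ids`, but data.peer.tf and data.self.tf in this same patch declare `data "aws_route_tables"`, and `self_route_table_ids` falls back to the peer lookup (`default_peer_route_tables`) instead of `default_self_route_tables`, so with the default inputs the self-side routes would be attempted against the other VPC's route tables under the `aws.self` provider. Because those data sources now carry `count`, they are lists and must be indexed. I would write `self_route_table_ids = length(var.route_table_ids) > 0 ? var.route_table_ids : flatten(data.aws_route_tables.default_self_route_tables[*].ids)` and `peer_route_table_ids = length(var.peer_route_table_ids) > 0 ? var.peer_route_table_ids : flatten(data.aws_route_tables.default_peer_route_tables[*].ids)`; the splat yields an empty list when the count is 0 (as it is today in the default case, given the inverted condition in data.*.tf), so the module fails safe with no routes rather than erroring on `[0]`. The `locals` block enclosing these lines starts and ends outside the hunk.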
@@ -139,34 +125,21 @@ resource "aws_vpc_peering_connection_accepter" "peer" {
 tags = local.peer_tags
 }
-## # local routes
-## resource "aws_route" "me_peer2" {
-## provider = aws
-## count = length(data.aws_route_tables.me.ids)
-## # route_table_id = data.aws_route_tables.me.ids[count.index]
-## route_table_id = local.route_tables_me[count.index]
-## destination_cidr_block = local.cidr_block_peer2
-## vpc_peering_connection_id = aws_vpc_peering_connection.me_peer2.id
-## }
-##
-## # peer routes
-## resource "aws_route" "peer2_me" {
-## provider = aws.peer2
-## count = length(data.aws_route_tables.peer2.ids)
-## # route_table_id = data.aws_route_tables.peer2.ids[count.index]
-## route_table_id = local.route_tables_peer2[count.index]
-## destination_cidr_block = local.cidr_block_me
-## vpc_peering_connection_id = aws_vpc_peering_connection.me_peer2.id
-## }
-##
-## # output "rt_me" {
-## # value = data.aws_route_tables.me.ids
-## # }
-## # output "rt_peer1" {
-## # value = data.aws_route_tables.peer1.ids
-## # }
-## #
-## # output "rt_peer2" {
-## # value = data.aws_route_tables.peer2.ids
-## # }
-##
+#---
+# route tables
+#---
+resource "aws_route" "self" {
+ provider = aws.self
+ for_each = toset(local.self_route_table_ids)
+ route_table_id = each.key
+ destination_cidr_block = local.peer_cidr_block
+ vpc_peering_connection_id = aws_vpc_peering_connection.self.id
+}
+
+resource "aws_route" "peer" {
+ provider = aws.peer
+ for_each = toset(local.peer_route_table_ids)
+ route_table_id = each.key
+ destination_cidr_block = local.self_cidr_block
+ vpc_peering_connection_id = aws_vpc_peering_connection.self.id
+}
diff --git a/peer/variables.peer.tf b/peer/variables.peer.tf
index a0b7d56..bab6455 100644
--- a/peer/variables.peer.tf
+++ b/peer/variables.peer.tf
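Review bot: Both `aws_route` resources take their connection id from `aws_vpc_peering_connection.self`, so neither depends on `aws_vpc_peering_connection_accepter.peer`, and Terraform is free to create the routes in parallel with, or before, the acceptance in the peer account; the accepter exposes the same `pcx-` id, so `vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer.id` on both resources makes the ordering explicit without changing the value. `local.self_cidr_block` and `local.peer_cidr_block` are not defined in any hunk of this patch; presumably they already exist elsewhere in main.tf, otherwise plan fails on them. A short header comment would make the blast radius obvious to the next reader, e.g. `# One route per selected route table, to the whole CIDR of the other VPC; route_table_ids / route_table_filter are the only scoping.`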
@@ -57,6 +57,12 @@ variable "peer_route_table_ids" {
 default = []
 }
+variable "peer_route_table_filter" {
+ description = "Peer VPC route table search filter list (default: services)"
+ type = list(string)
+ default = ["route-*-services", "route-*-services-private*"]
+}
+
 variable "peer_vpc_cidr_block" {
 description = "Peer VPC CIDR Block (default: obtain from peer VPC)"
 type = string
diff --git a/peer/variables.self.tf b/peer/variables.self.tf
index 7dc9e8c..f1c0885 100644
--- a/peer/variables.self.tf
+++ b/peer/variables.self.tf
@@ -4,6 +4,12 @@ variable "route_table_ids" {
 default = []
 }
+variable "route_table_filter" {
+ description = "VPC route table search filter list (default: all private)"
+ type = list(string)
+ default = ["*-private-*"]
+}
+
 variable "vpc_cidr_block" {
 description = "Self VPC CIDR Block (default: obtain from self VPC)"
 type = string
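Review bot: `peer_route_table_filter` accepts any list of `tag:Name` wildcard patterns with no validation, and every route table it matches is handed a route to the self VPC CIDR by `aws_route.peer`; a bare `"*"` would select every route table in the peer VPC, public ones included, and nothing in the module would stop it, while an empty list has no useful meaning as a filter. Since this filter is the sole scoping control for which peer subnets gain reachability over the peering, a minimal `validation` block (Terraform 0.13+) is cheap insurance, and the description should say what the patterns are matched against. Separately, the README in this patch still describes `peer_route_table_ids` as defaulting to "all *private* route tables at peer VPC", while the new default filter selects `route-*-services*` tables; the variable's own description, just above this hunk, presumably says the same and should be aligned.

```hcl
variable "peer_route_table_filter" {
  description = "Wildcard patterns matched against the Name tag of peer VPC route tables; each match receives a route to the self VPC (default: services tables)"
  # … unchanged: type / default …

  # Minimal guard: an empty list is meaningless and a bare "*" would route
  # every peer table, public ones included, to this VPC.
  validation {
    condition     = length(var.peer_route_table_filter) > 0 && !contains(var.peer_route_table_filter, "*")
    error_message = "peer_route_table_filter must be a non-empty list of Name-tag patterns and must not contain a bare \"*\"."
  }
}
```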
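Review bot: `route_table_filter` has the same exposure as its peer-side twin: whatever these patterns match in the self VPC gets a route to the peer CIDR via `aws_route.self`, and a bare `"*"` would pull in public route tables with nothing to stop it. A one-clause guard is enough here, `condition = length(var.route_table_filter) > 0 && !contains(var.route_table_filter, "*")` in a `validation` block, and the description should state what is matched, e.g. `description = "Wildcard patterns matched against the Name tag of self VPC route tables; each match receives a route to the peer VPC (default: all private)"`.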