add new, rename old
badra001 committed Dec 1, 2022
1 parent de91a09 commit 7b4ef52
Showing 22 changed files with 482 additions and 53 deletions.
44 changes: 44 additions & 0 deletions examples/full-setup/apps/dns.old.2/.terraform-docs.yml
@@ -0,0 +1,44 @@
formatter: markdown table

header-from: main.tf
footer-from: ""

sections:
## hide: []
show:
- data-sources
- header
- footer
- inputs
- modules
- outputs
- providers
- requirements
- resources

output:
file: README.md
mode: inject
template: |-
<!-- BEGIN_TF_DOCS -->
{{ .Content }}
<!-- END_TF_DOCS -->
## output-values:
## enabled: false
## from: ""
##
## sort:
## enabled: true
## by: name
##
## settings:
## anchor: true
## color: true
## default: true
## description: false
## escape: true
## indent: 2
## required: true
## sensitive: true
## type: true
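Review bot: `header-from: main.tf` produces no header here, since the README generated in this same commit opens directly with `## Requirements`; either put a leading comment block in main.tf describing the module or drop the `header-from` line so readers do not look for a description that never renders. The commented-out `settings` block matches terraform-docs defaults (`sensitive: true`, `required: true`), so it can go. Keeping a full copy of this config under `dns.old.2/` means it will drift from `dns/`; the old module is better left to git history than kept as a live directory.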
66 changes: 66 additions & 0 deletions examples/full-setup/apps/dns.old.2/README.md
@@ -0,0 +1,66 @@
<!-- BEGIN_TF_DOCS -->
## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
| <a name="provider_external"></a> [external](#provider\_external) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_route53_record.inbound_a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.inbound_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.outbound_a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.outbound_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_resolver_endpoint.inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource |
| [aws_route53_resolver_endpoint.outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource |
| [aws_route53_resolver_query_log_config.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_query_log_config) | resource |
| [aws_route53_resolver_query_log_config_association.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_query_log_config_association) | resource |
| [aws_route53_resolver_rule.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule) | resource |
| [aws_route53_resolver_rule.amazon](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule) | resource |
| [aws_route53_resolver_rule.reverse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule) | resource |
| [aws_route53_resolver_rule_association.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_resolver_rule_association.amazon](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_resolver_rule_association.reverse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_route53_zone.ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_security_group.sg1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_subnet.endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
| [aws_subnet_ids.endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source |
| [external_external.inbound_sorted](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
| [external_external.outbound_sorted](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_application_tags"></a> [application\_tags](#input\_application\_tags) | Default application tags to be used on non-infrastructure resources | `map(string)` | `{}` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_all_zones"></a> [all\_zones](#output\_all\_zones) | DNS zone list |
| <a name="output_domain_zone_id"></a> [domain\_zone\_id](#output\_domain\_zone\_id) | DICE development DNS Zone ID |
| <a name="output_domain_zone_ns"></a> [domain\_zone\_ns](#output\_domain\_zone\_ns) | DICE development DNS Zone Nameservers |
| <a name="output_inbound_dns"></a> [inbound\_dns](#output\_inbound\_dns) | DNS entries for inbound DNS resolver |
| <a name="output_inbound_dns_map"></a> [inbound\_dns\_map](#output\_inbound\_dns\_map) | DNS entries for inbound DNS resolver name and IP only |
| <a name="output_outbound_dns"></a> [outbound\_dns](#output\_outbound\_dns) | DNS entries for outbound DNS resolver |
| <a name="output_ptr_zone_id"></a> [ptr\_zone\_id](#output\_ptr\_zone\_id) | DICE development DNS PTR Zone IDs |
| <a name="output_ptr_zone_info"></a> [ptr\_zone\_info](#output\_ptr\_zone\_info) | DICE development DNS PTR Zone Info |
| <a name="output_ptr_zone_ns"></a> [ptr\_zone\_ns](#output\_ptr\_zone\_ns) | DICE development DNS PTR Zone Nameservers |
| <a name="output_resolver_endpoint_info"></a> [resolver\_endpoint\_info](#output\_resolver\_endpoint\_info) | DNS Resolver Endpoint Information |
| <a name="output_sg_sg1_arn"></a> [sg\_sg1\_arn](#output\_sg\_sg1\_arn) | DNS Seurity group ARN |
| <a name="output_sg_sg1_id"></a> [sg\_sg1\_id](#output\_sg\_sg1\_id) | DNS Seurity group ID |
<!-- END_TF_DOCS -->
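Review bot: the `external_external.inbound_sorted` / `outbound_sorted` data sources mean `terraform plan` executes `sort-ip.py` from the working tree via the external provider, which this README does not mention; it should state the interpreter dependency and that the script runs with the planner's credentials, because anything that can change that file changes what the plan does. `Seurity` in the `sg_sg1_arn` / `sg_sg1_id` descriptions is generated from the output blocks, so fix it there and regenerate rather than editing the table.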
File renamed without changes.
File renamed without changes.
13 changes: 13 additions & 0 deletions examples/full-setup/apps/dns.old.2/locals.tf
@@ -0,0 +1,13 @@
locals {
base_tags = {
"boc:created_by" = "terraform"
}
}

locals {
vpc_info = data.terraform_remote_state.vpc_east_vpc4.outputs.vpc_info
vpc_id = local.vpc_info["vpc_id"]
domain_name = local.vpc_info["vpc_domain_name"]
dns_servers = local.vpc_info["vpc_dns_servers"]
vpc_short_name = local.vpc_info["vpc_short_name"]
}
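Review bot: `data.terraform_remote_state.vpc_east_vpc4` is read here but declared in none of the files shown, and the remote-state name hardwires one VPC (`east_vpc4`) into a directory that `region.tf` parametrises by `var.region`; pass the state key or the `vpc_info` values in as variables instead. Note also that `terraform_remote_state` needs read access to the entire VPC state file, not only its outputs, so the role running this module can read every value stored in that state; publishing `vpc_info` through a narrower channel (SSM parameters or tag-filtered `aws_vpc` data sources) limits that. The two `locals` blocks can be merged.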
File renamed without changes.
File renamed without changes.
3 changes: 3 additions & 0 deletions examples/full-setup/apps/dns.old.2/region.tf
@@ -0,0 +1,3 @@
locals {
region = var.region
}
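Review bot: `var.region` is referenced but the README generated in this commit lists `application_tags` as the only input, so either `variable "region"` is undeclared (and `terraform validate` fails) or the README was regenerated before the variable was added; run terraform-docs again so the inputs table matches the code.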
File renamed without changes.
File renamed without changes.
19 changes: 19 additions & 0 deletions examples/full-setup/apps/dns.old.2/sort-ip.py
@@ -0,0 +1,19 @@
#!/bin/env python

import json
import sys
import ipaddress

r=0
outdata={'ip_addresses_sorted':''}
try:
indata=json.load(sys.stdin)
ipa=indata['ip_addresses'].split(',')
ips=sorted(ipa,key=ipaddress.ip_address)
outdata['ip_addresses_sorted']=','.join(ips)
print(json.dumps(outdata))
except:
sys.stderr.write("unable to parse input address\n")
r=1

sys.exit(r)
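Review bot: the bare `except:` swallows every exception, including `SystemExit` and `KeyboardInterrupt`, and reports all of them as `unable to parse input address`, so a missing `ip_addresses` key (`KeyError`) or malformed JSON on stdin is indistinguishable from a bad address; catch `(KeyError, ValueError)` (which covers `json.JSONDecodeError`) and write the exception text to stderr. `ipaddress.ip_address` raises `ValueError` on surrounding whitespace, so each element of `split(',')` should be stripped. The shebang `#!/bin/env python` only works where `/bin` is merged into `/usr/bin`, and `python` may resolve to Python 2; `#!/usr/bin/env python3` is the portable form. Since the external provider runs this script at plan time, it is part of the plan's trusted code; it is small enough to review here, keep it that way.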
7 changes: 7 additions & 0 deletions examples/full-setup/apps/dns.old.2/tf-run.data
@@ -0,0 +1,7 @@
COMMAND tf-directory-setup.py -l none -f
COMMAND tf-init -upgrade
COMMAND mv records.tf records.tf.later
ALL
COMMAND mv records.tf.later records.tf
ALL
COMMAND tf-directory-setup.py -l s3
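Review bot: the run sequence hides `records.tf` during the first apply and restores it for the second, presumably because the records depend on resolver endpoint addresses that only exist after the first pass; if the run aborts between the two `mv` commands the tree is left with `records.tf.later` and the next plan proposes destroying every record. A `-target` on the endpoint resources for the first pass, or a boolean variable gating the record resources, gives the same two-phase apply without renaming source files.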
104 changes: 104 additions & 0 deletions examples/full-setup/apps/dns.old.2/zones.tf
@@ -0,0 +1,104 @@
locals {
# calculate set of /24 blocks for PTR subnets from cidr bock size
vpc_cidr_block = local.vpc_info["vpc_cidr_block"]
bits = tonumber(split("/", local.vpc_cidr_block)[1])
split_bits = 24 - local.bits
_ptr_zones = local.split_bits > 0 ? { for x in range(0, pow(2, local.split_bits)) : x => cidrsubnet(local.vpc_cidr_block, local.split_bits, x) } : {}
ptr_zones = { for x, s in local._ptr_zones : s => {
index = x
cidr = s
octets = split(".", split("/", s)[0])
bits = tonumber(split("/", s)[1])
ptr_zone = format("%v.in-addr.arpa", join(".", reverse(slice(split(".", split("/", s)[0]), 0, 3))))
}
}
}

#---
# domain (forward) zone
#---
resource "aws_route53_zone" "domain_zone" {
name = local.domain_name
comment = "DICE development DNS Zone"
force_destroy = false

vpc {
vpc_id = local.vpc_id
vpc_region = local.region
}

# lifecycle {
# ignore_changes
# }

tags = merge(
local.base_tags,
local.common_tags,
var.application_tags,
tomap({ "Name" = local.domain_name }),
)
}
#resource "aws_route53_zone_association" "dns_zone" { }

output "domain_zone_id" {
description = "DICE development DNS Zone ID"
value = aws_route53_zone.domain_zone.zone_id
}

output "domain_zone_ns" {
description = "DICE development DNS Zone Nameservers"
value = aws_route53_zone.domain_zone.name_servers
}

#---
# ptr (reverse) zones
#---
resource "aws_route53_zone" "ptr_zone" {
for_each = local.ptr_zones

name = each.value.ptr_zone
comment = format("DICE development DNS PTR Zone %v (%v)", each.value.ptr_zone, each.value.cidr)
force_destroy = false

vpc {
vpc_id = local.vpc_id
vpc_region = local.region
}

# lifecycle {
# ignore_changes
# }

tags = merge(
local.base_tags,
local.common_tags,
var.application_tags,
tomap({ "Name" = each.value.ptr_zone }),
)
}


output "ptr_zone_id" {
description = "DICE development DNS PTR Zone IDs"
value = { for x, s in local.ptr_zones : x => aws_route53_zone.ptr_zone[x].zone_id }
}

output "ptr_zone_ns" {
description = "DICE development DNS PTR Zone Nameservers"
value = { for x, s in local.ptr_zones : x => aws_route53_zone.ptr_zone[x].name_servers }
}

output "ptr_zone_info" {
description = "DICE development DNS PTR Zone Info"
value = { for x, s in local.ptr_zones : x => {
cidr = s.cidr
ptr_zone = s.ptr_zone
zone_id = aws_route53_zone.ptr_zone[x].zone_id
name_servers = aws_route53_zone.ptr_zone[x].name_servers
} }
}

output "all_zones" {
description = "DNS zone list"
value = flatten(concat([local.domain_name], [for x, s in local.ptr_zones : s.ptr_zone]))
}
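Review bot: the `local.split_bits > 0` test excludes a VPC whose CIDR is exactly a /24: `bits = 24` gives `split_bits = 0`, and `range(0, pow(2, 0))` with `cidrsubnet(cidr, 0, 0)` would correctly yield that single block, yet the conditional returns `{}` and no PTR zone is created; use `>= 0`. VPCs smaller than a /24 still get no reverse zone, which deserves a comment. `octets` and `bits` in `ptr_zones` are never read, `local.common_tags` is not defined in the files shown, and the commented `lifecycle` blocks and the `aws_route53_zone_association` stub are dead code. Typo in the first comment: `cidr bock size`.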
55 changes: 22 additions & 33 deletions examples/full-setup/apps/dns/README.md
@@ -8,7 +8,8 @@ No requirements.
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
| <a name="provider_external"></a> [external](#provider\_external) | n/a |
| <a name="provider_aws.east_main_dns"></a> [aws.east\_main\_dns](#provider\_aws.east\_main\_dns) | n/a |
| <a name="provider_aws.west_main_dns"></a> [aws.west\_main\_dns](#provider\_aws.west\_main\_dns) | n/a |

## Modules

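Review bot: `No requirements.` alongside the new provider aliases `aws.east_main_dns` / `aws.west_main_dns` means there is still no `required_providers` block pinning the aws provider and no `required_version` for Terraform; a module that creates cross-account zone authorizations and associations should pin both, so that an `init -upgrade` cannot silently pull a provider release with changed resource semantics.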
@@ -18,49 +19,37 @@ No modules.

| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_route53_record.inbound_a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.inbound_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.outbound_a](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.outbound_ptr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_resolver_endpoint.inbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource |
| [aws_route53_resolver_endpoint.outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource |
| [aws_route53_resolver_query_log_config.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_query_log_config) | resource |
| [aws_route53_resolver_query_log_config_association.dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_query_log_config_association) | resource |
| [aws_route53_resolver_rule.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule) | resource |
| [aws_route53_resolver_rule.amazon](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule) | resource |
| [aws_route53_resolver_rule.reverse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule) | resource |
| [aws_route53_resolver_rule_association.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_resolver_rule_association.amazon](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_resolver_rule_association.reverse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_resolver_rule_association.all_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_rule_association) | resource |
| [aws_route53_vpc_association_authorization.east_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
| [aws_route53_vpc_association_authorization.east_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
| [aws_route53_vpc_association_authorization.west_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
| [aws_route53_vpc_association_authorization.west_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_route53_zone.ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_security_group.sg1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_subnet.endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
| [aws_subnet_ids.endpoints](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) | data source |
| [external_external.inbound_sorted](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
| [external_external.outbound_sorted](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
| [aws_route53_zone_association.east_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
| [aws_route53_zone_association.east_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
| [aws_route53_zone_association.west_domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
| [aws_route53_zone_association.west_ptr_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
| [aws_route53_resolver_rules.all_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_resolver_rules) | data source |
| [aws_route53_zone.domain_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_application_tags"></a> [application\_tags](#input\_application\_tags) | Default application tags to be used on non-infrastructure resources | `map(string)` | `{}` | no |
| <a name="input_dns_zone_create"></a> [dns\_zone\_create](#input\_dns\_zone\_create) | Flag determing to create (true) or associate (false) the main forward zone. Used for the same VPC domain name across different regions or VPCs | `bool` | `true` | no |
| <a name="input_dns_zone_description_prefix"></a> [dns\_zone\_description\_prefix](#input\_dns\_zone\_description\_prefix) | Zone description with the org-project-program-environment | `string` | `""` | no |
| <a name="input_main_dns_profile"></a> [main\_dns\_profile](#input\_main\_dns\_profile) | Profile name for AWS for the main DNS central account | `string` | `"107742151971-do2-govcloud"` | no |
| <a name="input_main_dns_vpcs"></a> [main\_dns\_vpcs](#input\_main\_dns\_vpcs) | Map of region and VPC ids of the vpc1-services in us-gov-west-1 and us-gov-east-1 for centralized DNS | `map(string)` | <pre>{<br> "us-gov-east-1": "vpc-099a991da7c4eb8a5",<br> "us-gov-west-1": "vpc-77877a12"<br>}</pre> | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_all_zones"></a> [all\_zones](#output\_all\_zones) | DNS zone list |
| <a name="output_domain_zone_id"></a> [domain\_zone\_id](#output\_domain\_zone\_id) | DICE development DNS Zone ID |
| <a name="output_domain_zone_ns"></a> [domain\_zone\_ns](#output\_domain\_zone\_ns) | DICE development DNS Zone Nameservers |
| <a name="output_inbound_dns"></a> [inbound\_dns](#output\_inbound\_dns) | DNS entries for inbound DNS resolver |
| <a name="output_inbound_dns_map"></a> [inbound\_dns\_map](#output\_inbound\_dns\_map) | DNS entries for inbound DNS resolver name and IP only |
| <a name="output_outbound_dns"></a> [outbound\_dns](#output\_outbound\_dns) | DNS entries for outbound DNS resolver |
| <a name="output_ptr_zone_id"></a> [ptr\_zone\_id](#output\_ptr\_zone\_id) | DICE development DNS PTR Zone IDs |
| <a name="output_ptr_zone_info"></a> [ptr\_zone\_info](#output\_ptr\_zone\_info) | DICE development DNS PTR Zone Info |
| <a name="output_ptr_zone_ns"></a> [ptr\_zone\_ns](#output\_ptr\_zone\_ns) | DICE development DNS PTR Zone Nameservers |
| <a name="output_resolver_endpoint_info"></a> [resolver\_endpoint\_info](#output\_resolver\_endpoint\_info) | DNS Resolver Endpoint Information |
| <a name="output_sg_sg1_arn"></a> [sg\_sg1\_arn](#output\_sg\_sg1\_arn) | DNS Seurity group ARN |
| <a name="output_sg_sg1_id"></a> [sg\_sg1\_id](#output\_sg\_sg1\_id) | DNS Seurity group ID |
| <a name="output_domain_zone_id"></a> [domain\_zone\_id](#output\_domain\_zone\_id) | DNS Zone ID |
| <a name="output_domain_zone_ns"></a> [domain\_zone\_ns](#output\_domain\_zone\_ns) | DNS Zone Nameservers |
| <a name="output_ptr_zone_id"></a> [ptr\_zone\_id](#output\_ptr\_zone\_id) | DNS PTR Zone IDs |
| <a name="output_ptr_zone_info"></a> [ptr\_zone\_info](#output\_ptr\_zone\_info) | DNS PTR Zone Info |
| <a name="output_ptr_zone_ns"></a> [ptr\_zone\_ns](#output\_ptr\_zone\_ns) | DNS PTR Zone Nameservers |
<!-- END_TF_DOCS -->
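Review bot: the defaults for `main_dns_profile` (`107742151971-do2-govcloud`) and `main_dns_vpcs` (two concrete VPC IDs) bake one account and two VPCs into the variable declarations of an `examples/` module; an account ID is not a secret, but an example that only works against one environment is not reusable, and anyone copying it as written gets cross-account zone authorizations pointed at those VPCs. Make both required (no default) or derive them from remote state. Also fix `determing` in the `dns_zone_create` description at the variable, since the table is generated.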
25 changes: 25 additions & 0 deletions examples/full-setup/apps/dns/associate-shared.tf
@@ -0,0 +1,25 @@
## locals {
## reverse_zones = flatten([
## "10.in-addr.arpa",
## "168.192.in-addr.arpa",
## "129.148.in-addr.arpa",
## [for x in range(16, 32) : format("%v.172.in-addr.arpa", x)],
## ])
## reverse_rules = formatlist("reverse-%v", local.reverse_zones)
## forward_rules = ["forward-all-onprem", "amazon"]
## all_main_rules = formatlist("resolver-%v", concat(local.forward_rules, local.reverse_rules))
## }

data "aws_route53_resolver_rules" "all_rules" {
share_status = "SHARED_WITH_ME"
}

data "aws_route53_resolver_rules" "all_rules_me" {
share_status = "SHARED_BY_ME"
}

resource "aws_route53_resolver_rule_association" "all_rules" {
for_each = length(data.aws_route53_resolver_rules.all_rules.resolver_rule_ids) > 0 ? toset(data.aws_route53_resolver_rules.all_rules.resolver_rule_ids) : toset(data.aws_route53_resolver_rules.all_rules_me.resolver_rule_ids)
resolver_rule_id = each.key
vpc_id = local.vpc_id
}
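Review bot: `for_each` associates every resolver rule with `share_status = "SHARED_WITH_ME"` to the VPC, with no filter on who shared it. Resolver rules decide where queries for a domain are forwarded, so this lets any principal whose share this account accepts (and inside an Organization with RAM sharing enabled, shares from member accounts are accepted automatically) redirect resolution for arbitrary domains in this VPC. The `aws_route53_resolver_rules` data source accepts `owner_id`; restrict it to the central DNS account, and optionally `name_regex` matching the `resolver-` prefix the commented-out locals sketch. The `SHARED_BY_ME` fallback also means an account that owns rules but has none shared to it silently associates its own rules, which is a different deployment mode and belongs behind an explicit variable rather than a length test. Either turn the commented locals into that filter or delete them.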
0 comments on commit 7b4ef52
