From 9a3dd6bbeb0457058f99b3d8b633de7fd08c8f6e Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 6 Jul 2023 07:34:33 -0400
Subject: [PATCH] - subnet_tags - fix to use the right filter for the subnet label

---
 CHANGELOG.md          | 4 ++++
 common/version.tf     | 2 +-
 subnet_tags/README.md | 4 ++--
 subnet_tags/main.tf   | 36 ++++++++++++++++++++++++------------
 4 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 353f4ac..6233f88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -329,3 +329,7 @@
 * 2.9.3 -- 2023-07-05
   - flowlogs-transit-gateway
     - remove need for iam_role_arn (not needed for s3)
+
+* 2.9.4 -- 2023-07-06
+  - subnet_tags
+    - fix to use the right filter for the subnet label
diff --git a/common/version.tf b/common/version.tf
index 0622996..89f9e9c 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.9.3"
+  _module_version = "2.9.4"
 
   _module_names = {
     "_main_" = "aws-vpc-setup"
diff --git a/subnet_tags/README.md b/subnet_tags/README.md
index ff2bb18..08e17aa 100644
--- a/subnet_tags/README.md
+++ b/subnet_tags/README.md
@@ -109,8 +109,8 @@ No modules.
 | [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
-| [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created |
list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
}))
| `[]` | no |
-| [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created |
list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
# subnets = list(string)
# labels = list(string)
# availability_zones = list(string)
}))
| `[]` | no |
+| [private\_subnets](#input\_private\_subnets) | List of objects with private subnet information to be created |
list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
availability_zones = optional(list(string), [])
# subnets = list(string)
# labels = list(string)
}))
| `[]` | no |
+| [public\_subnets](#input\_public\_subnets) | List of objects with public subnet information to be created |
list(object({
base_cidr = string
label = string
bits = number
offset = optional(number, 0)
private = bool
tags = map(string)
enabled = optional(bool, true)
availability_zone = optional(string)
availability_zones = optional(list(string), [])
# subnets = list(string)
# labels = list(string)
}))
| `[]` | no |
 | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
 | [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
diff --git a/subnet_tags/main.tf b/subnet_tags/main.tf
index b76f8c9..7b9e147 100644
--- a/subnet_tags/main.tf
+++ b/subnet_tags/main.tf
@@ -96,8 +96,9 @@ locals {
       tags = lookup(v, "tags", {})
     }
     if v.enabled
   }
-  public_map = flatten([for k, v in local.public_subnets : [for i in local.az_count_list : merge(tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+  _public_map = flatten([for k, v in local.public_subnets : [for i in local.az_count_list : merge(tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+  public_map = { for p in local._public_map : p.label => p }
 }
 
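Review bot: The new `_public_map` entries carry no `base_label`, while `_private_map` in the hunk at line 149 adds `"base_label" = v.label`, so the two maps now have different shapes and a public-side exclusion written like the private `attachment` one would need a different lookup; adding `"base_label" = v.label,` to the `tomap({...})` here keeps them parallel. Keying `public_map` by `p.label` also turns per-AZ label uniqueness into a hard requirement (a duplicate key fails the plan), which is worth stating above that line: `# keyed by per-AZ label; labels must be unique across public subnets`. The enclosing `locals` block starts outside the hunk.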
@@ -111,14 +112,13 @@ data "aws_subnets" "public" {
   }
   filter {
     name = "tag:Name"
-    values = [format("*-%v-*", each.key)]
+    values = [format("*-%v", each.key)]
   }
 }
 
 locals {
-  public_ids = merge([for k, v in data.aws_subnets.public : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
-  public_tag_keys = { for p in local.public_ids : p => keys(local.public_subnets[p.label].tags) }
-  public_tags = merge([for p, v in local.public_ids : { for t in v : format("%v_%v", p, t) => { tag_label = format("%v_%v", p, t), id_label = p, subnet_id = local.public_ids[p].subnet_id, tag_key = t, tag_value = local.public_subnets[p].tags[t] } }]...)
+  public_ids = merge([for k, v in data.aws_subnets.public : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
+  public_tags = merge([for p, v in local.public_ids : { for tk, tv in local.public_map[v.label].tags : format("%v_%v", p, tk) => { tag_label = format("%v_%v", p, tk), id_label = p, subnet_id = v.subnet_id, tag_key = tk, tag_value = tv } }]...)
 }
 
 data "aws_subnet" "public" {
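Review bot: The narrowed `tag:Name` pattern `*-%v` still has an unbounded prefix, so a subnet whose Name ends in `-<label>` for a different, longer label would also be returned, and `public_tags` would then emit a second `aws_ec2_tag` for the same subnet and tag key; whether that can occur depends on how the per-AZ labels are built, which is not visible here. The opposite failure is certain and silent: when no Name matches, `v.ids` is empty, `public_ids` gets no entry for that label and the subnet is simply left untagged without any error, which is exactly the regression this commit repairs. A `postcondition` on the data source turns both cases into plan-time failures; the `optional(type, default)` syntax in the README implies Terraform 1.3 or later, where data-source postconditions are available. The same applies to the private filter in the hunk at line 149, and the `data "aws_subnets" "public"` block starts outside this hunk.
```hcl
data "aws_subnets" "public" {
  # … unchanged: for_each and the vpc-id filter …
  filter {
    name   = "tag:Name"
    values = [format("*-%v", each.key)]
  }

  lifecycle {
    postcondition {
      # An unmatched Name pattern would otherwise yield no tags and no error;
      # tighten to `== 1` if each per-AZ label is known to name exactly one subnet.
      condition     = length(self.ids) > 0
      error_message = "No subnet with a Name matching *-${each.key} was found in VPC ${var.vpc_id}."
    }
  }
}
```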
@@ -149,27 +149,27 @@ locals {
       tags = lookup(v, "tags", {})
     }
     if v.enabled
   }
-  private_map = flatten([for k, v in local.private_subnets :
-    [for i in local.az_count_list : merge(tomap({ "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+  _private_map = flatten([for k, v in local.private_subnets :
+    [for i in local.az_count_list : merge(tomap({ "base_label" = v.label, "subnet" = v.subnets[i], "label" = v.labels[i], "availability_zone" = v.availability_zones[i] }), { "tags" = v.tags })]])
+  private_map = { for p in local._private_map : p.label => p }
 }
 # ignore attachment, as it is not shared
 data "aws_subnets" "private" {
-  for_each = { for subnet in local.private_map : subnet.label => subnet if subnet.label != "attachment" && length(subnet.tags) > 0 }
+  for_each = { for k, subnet in local.private_map : subnet.label => subnet if subnet.base_label != "attachment" && length(subnet.tags) > 0 }
   filter {
     name = "vpc-id"
     values = [var.vpc_id]
   }
   filter {
     name = "tag:Name"
-    values = [format("*-%v-*", each.key)]
+    values = [format("*-%v", each.key)]
   }
 }
 
 locals {
-  private_ids = merge([for k, v in data.aws_subnets.private : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
-  private_tag_keys = { for p in local.private_ids : p => keys(local.private_subnets[p.label].tags) }
-  private_tags = merge([for p, v in local.private_ids : { for t in v : format("%v_%v", p, t) => { tag_label = format("%v_%v", p, t), id_label = p, subnet_id = local.private_ids[p].subnet_id, tag_key = t, tag_value = local.private_subnets[p].tags[t] } }]...)
+  private_ids = merge([for k, v in data.aws_subnets.private : { for i in v.ids : format("%v:%v", k, i) => { item = format("%v:%v", k, i), label = k, subnet_id = i } }]...)
+  private_tags = merge([for p, v in local.private_ids : { for tk, tv in local.private_map[v.label].tags : format("%v_%v", p, tk) => { tag_label = format("%v_%v", p, tk), id_label = p, subnet_id = v.subnet_id, tag_key = tk, tag_value = tv } }]...)
 }
 
 data "aws_subnet" "private" {
@@ -183,3 +183,15 @@ resource "aws_ec2_tag" "private" {
   key = each.value.tag_key
   value = each.value.tag_value
 }
+
+## output "subnet_tags_debug" {
+##   value = {
+##     private_subnets = local.private_subnets
+##     private_map = local.private_map
+##     data_aws_subnets_private = data.aws_subnets.private
+##     data_aws_subnet_private = data.aws_subnet.private
+##     private_ids = local.private_ids
+##     private_tags = local.private_tags
+##     aws_ec2_tag = aws_ec2_tag.private
+##   }
+## }
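Review bot: `k` in the rewritten `for_each` expression `for k, subnet in local.private_map` is never used; `for subnet in local.private_map : subnet.label => subnet if subnet.base_label != "attachment" && length(subnet.tags) > 0` iterates the map's values and reads the same. The `# ignore attachment, as it is not shared` comment above the data source now describes a test on the new `base_label` field rather than on the per-AZ `label`, so it would be clearer as `# skip subnets whose base label is "attachment" (not shared); the per-AZ label is compared via base_label`. The `locals` block at the top of the hunk starts outside it.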
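Review bot: The twelve `##` lines append a commented-out `output "subnet_tags_debug"` to main.tf, which is dead code that will silently drift from the locals and resources it names as they change; drop it from the commit, or keep it as a real `output` in a separate file that is only added when troubleshooting. If it is kept in any form, a one-line comment such as `# debug aid: exposes the intermediate private subnet maps and ids; not part of the module interface` should say why it is there.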