feat: add option to create a Remote Peering Connection (RPC) to the D…

…RG module (#72)

Signed-off-by: Andrea Marchesini <[email protected]>

.gitignore

@@ -16,3 +16,4 @@ provider.tf
 
 # macOS related files
 **/.DS_Store
+.terraform.lock.hcl

CHANGELOG.adoc

@@ -14,6 +14,11 @@ Given a version number MAJOR.MINOR.PATCH:
 - MINOR version when adding functionality in a backwards compatible manner,
 - PATCH version when making backwards compatible bug fixes.
 
+== v3.2.0 (unreleased)
+
+=== New features
+* Added Remote Peering Connection capability in DRG module (feat #71)
+
 == v3.1.0 (October 06, 2021)
 
 === New features

README.adoc

@@ -41,6 +41,7 @@ It creates the following resources:
 * An optional NAT gateway and a route table
 * An optional service gateway
 * An optional dynamic routing gateway
+* An optional remote peering connection
 * One or more optional Local Peering Gateways in requestor or acceptor mode, and possibilities to associate a Route Table
 
 It also controls the Default Security List, with a *Lockdown mode* that can be enabled or disabled

README.md

@@ -9,6 +9,7 @@ It creates the following resources:
 * An optional NAT gateway
 * An optional service gateway
 * An optional dynamic routing gateway
+* An optional remote peering connection
 * One or more optional Local Peering Gateways in requestor or acceptor mode, and possibilities to associate a Route Table
 
 It also controls the Default Security List, with a *Lockdown mode* that can be enabled or disabled.

examples/drg/main.tf

@@ -56,16 +56,3 @@ module "vcn_spokes" {
   vcn_name                 = each.key                               # string
 }
 
-# resource "oci_core_remote_peering_connection" "test_rpc" {
-# * boilerplate to start RPC support development
-#     #Required
-#     compartment_id = var.compartment_id
-#     drg_id = module.drg_hub.drg_id
-
-#     #Optional
-#     # defined_tags = {"Operations.CostCenter"= "42"}
-#     display_name = "test_rpc"
-#     # freeform_tags = {"Department"= "Finance"}
-#     # peer_id = oci_core_remote_peering_connection.test_remote_peering_connection2.id
-#     # peer_region_name = var.remote_peering_connection_peer_region_name
-# }

examples/rpc/rpc_from_drg_module/README.md

@@ -0,0 +1,79 @@
+# Creating a remote VCN peering using RPCs with drg module
+
+[Terraform Variable Definition file]:https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files
+[Input Variables]:https://www.terraform.io/docs/language/values/variables.html
+[Local Values]:https://www.terraform.io/docs/language/values/locals.html
+[Named Values]:https://www.terraform.io/docs/language/expressions/references.html
+[docs/prerequisites]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc
+[docs/terraformoptions]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc
+[docs/routing_rules]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/routing_rules.adoc
+[Provisioning Infrastructure with Terraform]:https://www.terraform.io/docs/cli/run/index.html
+
+This example illustrates how to use terraform-oci-vcn and drg submodule to create a remote VCN peering between VCNs created in different regions, through a DRG.
+
+In the local region will be created: 
+- a VCN, with a private subnet for each given CIDR block, and a NAT gateway
+- a DRG attached to the VCN
+- the route rules to allow traffic through the Peering
+
+In the remote region will be created:
+- a VCN with, a public subnet for each given CIDR block, and an Internet Gateway
+- a DRG attached to the VCN
+- the route rules to allow traffic through the Peering
+
+This diagram illustrates what will be created by this example.
+
+![diagram](../../..//docs/images/network_remote_peering_basic.png))
+
+## Prerequisites
+
+You will need to collect the following information before you start:
+
+1. your OCI provider authentication values
+2. a compartment OCID in which the present configuration will be created
+
+For detailed instructions, see [docs/prerequisites]
+
+## Using this example with Terraform CLI
+
+### Creating Providers
+
+You need to create 2 providers:
+* 1 provider for the acceptor region where all the acceptor resources will be created (alias: acceptor)
+* 1 provider for the requestor region where all the requestor resources will be created (alias: requestor)
+
+```
+provider "oci" {
+  fingerprint          = var.api_fingerprint
+  private_key_path     = var.api_private_key_path
+  region               = var.region_acceptor
+  tenancy_ocid         = var.tenancy_id
+  user_ocid            = var.user_id
+  alias                = "acceptor"
+}
+
+provider "oci" {
+  fingerprint          = var.api_fingerprint
+  private_key_path     = var.api_private_key_path
+  region               = var.region_requestor
+  tenancy_ocid         = var.tenancy_id
+  user_ocid            = var.user_id
+  alias                = "requestor"
+}
+```
+
+### Creating Terraform variables definition file
+
+Prepare one [Terraform Variable Definition file] named terraform.tfvars with the required authentication information.
+
+*TIP: You can rename and configure [terraform.tfvars.example](terraform.tfvars.example) from this example's folder.*
+
+Then apply the example using the following commands:
+
+```shell
+> terraform init
+> terraform plan
+> terraform apply
+```
+
+See [Provisioning Infrastructure with Terraform] for more details about Terraform CLI and the available subcommands.

examples/rpc/rpc_from_drg_module/main.tf

@@ -0,0 +1,175 @@
+# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+
+# Version requirements
+
+terraform {
+  required_providers {
+    oci = {
+      source  = "hashicorp/oci"
+      version = ">=4.41.0"
+    }
+  }
+  required_version = ">= 1.0.0"
+}
+
+# Resources
+
+module "vcn_acceptor" {
+  # this module use the generic vcn module and configure it to act as vcn for RPC acceptor
+  source  = "oracle-terraform-modules/vcn/oci"
+  version = "3.2.0"
+
+  # general oci parameters
+  compartment_id = var.compartment_id
+  label_prefix   = var.label_prefix
+  freeform_tags  = var.freeform_tags
+
+  # vcn parameters
+  create_drg               = false #! deprecated inner drg, use drg-module instead     
+  create_internet_gateway  = false
+  lockdown_default_seclist = false
+  create_nat_gateway       = true
+  create_service_gateway   = false
+  vcn_cidrs                = var.vcn_cidrs_acceptor
+  vcn_dns_label            = "vcnacceptor"
+  vcn_name                 = "vcn-rpc-acceptor"
+
+  nat_gateway_route_rules = [for cidr in var.vcn_cidrs_requestor :
+    {
+      destination       = cidr # set requestor vcn cidr as destination cidr 
+      destination_type  = "CIDR_BLOCK"
+      network_entity_id = module.drg_acceptor.drg_id
+      description       = "Terraformed - User added Routing Rule to requestor VCN through DRG"
+    }
+  ]
+
+  providers = {
+    oci = oci.acceptor
+  }
+
+}
+
+
+resource "oci_core_subnet" "subnet_acceptor" {
+  provider = oci.acceptor
+  count    = length(var.vcn_cidrs_acceptor)
+
+  #Required
+  compartment_id = var.compartment_id
+  vcn_id         = module.vcn_acceptor.vcn_id
+  #in this example each subnet will use the entire vcn address space
+  cidr_block = var.vcn_cidrs_acceptor[count.index]
+
+  #Optional
+  display_name               = "sub-rpc-acceptor-${count.index}"
+  dns_label                  = "subacceptor${count.index}"
+  prohibit_public_ip_on_vnic = true
+  route_table_id             = module.vcn_acceptor.nat_route_id
+  freeform_tags              = var.freeform_tags
+}
+
+
+module "drg_acceptor" {
+  source  = "oracle-terraform-modules/vcn/oci//modules/drg"
+  version = "3.2.0"
+
+  compartment_id = var.compartment_id
+  label_prefix   = var.label_prefix
+
+  # drg parameters
+  drg_vcn_attachments = {
+    "vcn_acceptor" = {
+      vcn_id                    = module.vcn_acceptor.vcn_id
+      vcn_transit_routing_rt_id = null
+      drg_route_table_id        = null
+    }
+  }
+  drg_display_name = "drg-rpc-acceptor"
+
+  # rpc parameters
+  create_rpc = true
+
+  providers = {
+    oci = oci.acceptor
+  }
+}
+
+
+module "vcn_requestor" {
+  # this module use the generic vcn module and configure it to act as rpc requestor vcn
+  source  = "oracle-terraform-modules/vcn/oci"
+  version = "3.2.0"
+
+  # general oci parameters
+  compartment_id = var.compartment_id
+  label_prefix   = var.label_prefix
+  freeform_tags  = var.freeform_tags
+
+  # vcn parameters
+  create_drg               = false #! deprecated inner drg, use drg-module instead
+  create_internet_gateway  = true
+  lockdown_default_seclist = false
+  create_nat_gateway       = false
+  create_service_gateway   = false
+  vcn_cidrs                = var.vcn_cidrs_requestor
+  vcn_dns_label            = "vcnrequestor"
+  vcn_name                 = "vcn-rpc-requestor"
+
+  internet_gateway_route_rules = [for cidr in var.vcn_cidrs_acceptor :
+    {
+      destination       = cidr # set acceptor vcn cidr as destination cidr 
+      destination_type  = "CIDR_BLOCK"
+      network_entity_id = module.drg_requestor.drg_id
+      description       = "Terraformed - User added Routing Rule to acceptor VCN through DRG"
+    }
+  ]
+
+  providers = {
+    oci = oci.requestor
+  }
+
+}
+
+resource "oci_core_subnet" "subnet_requestor" {
+  provider = oci.requestor
+  count    = length(var.vcn_cidrs_requestor)
+
+  #Required
+  compartment_id = var.compartment_id
+  vcn_id         = module.vcn_requestor.vcn_id
+  #in this example each subnet will use the entire vcn address space
+  cidr_block = var.vcn_cidrs_requestor[count.index]
+
+  #Optional
+  display_name               = "sub-rpc-requestor-${count.index}"
+  dns_label                  = "subrequestor${count.index}"
+  prohibit_public_ip_on_vnic = false
+  route_table_id             = module.vcn_requestor.ig_route_id
+  freeform_tags              = var.freeform_tags
+}
+
+module "drg_requestor" {
+  source  = "oracle-terraform-modules/vcn/oci//modules/drg"
+  version = "3.2.0"
+
+  compartment_id = var.compartment_id
+  label_prefix   = var.label_prefix
+
+  # drg parameters
+  drg_vcn_attachments = { "vcn_requestor" = {
+    vcn_id                    = module.vcn_requestor.vcn_id
+    vcn_transit_routing_rt_id = null
+    drg_route_table_id        = null
+  } }
+  drg_display_name = "drg-rpc-requestor"
+
+  # rpc parameters
+  create_rpc          = true
+  rpc_acceptor_id     = module.drg_acceptor.rpc_id
+  rpc_acceptor_region = var.region_acceptor
+
+  providers = {
+    oci = oci.requestor
+  }
+}

examples/rpc/rpc_from_drg_module/terraform.tfvars.example

@@ -0,0 +1,38 @@
+# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates.  All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+# provider identity parameters
+
+api_fingerprint = ""
+
+api_private_key_path = ""
+
+
+
+tenancy_id = ""
+
+user_id = ""
+
+# general oci parameters
+
+compartment_id = ""
+
+label_prefix = "tf-rpc"
+
+freeform_tags = {
+  environment = "dev"
+  lab         = "rpc"
+}
+
+# rpc acceptor parameters
+region_acceptor = "us-phoenix-1"
+vcn_cidrs_acceptor = ["10.0.0.0/24"]
+
+# rpc requestor parameters 
+region_requestor = "us-ashburn-1"
+vcn_cidrs_requestor = ["192.168.0.0/24"]
+
+
+
+
+