terraform-ibm-modules/terraform-ibm-landing-zone-vpc

Enable creating network acls for disjoint ip address spaces

Closed this issue a year ago · 1 comments

vburckhardt commented a year ago

Context:

network_cidr currently takes one string

terraform-ibm-landing-zone-vpc/variables.tf

Line 37 in 44fe07c

variable "network_cidr" {
this value is used to compute a set of network acl for ibm flows, and cross subnet flows. see https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/network_acls.tf

Enhancement:

case where the address space is disjoint (eg: multiple vpcs and on-prem direct link connected to same transit gateway) - it is not possible to have one single cidr covering all address space

Proposed solution:

network_cidr to be renamed network_cidrs accepting a list of string (cidrs)
iterate through each cidr in the logic at https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/network_acls.tf#L6 https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/network_acls.tf#L50 and https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/network_acls.tf#L63

Aashiq-J commented a year ago

Andrej suggested he is busy with another task and he hasn't started working on it. So, I have picked up this issue.

👍1