From 92f42faa8cab4ce9356e2266f3deb16f30a53ad9 Mon Sep 17 00:00:00 2001
From: Ben Whaley <503816+bwhaley@users.noreply.github.com>
Date: Tue, 14 Jan 2025 15:37:08 -0800
Subject: [PATCH] Fixes bash issue with parsing with multiple VPC CIDR blocks
---
 examples/main.tf | 35 ++++++++++++++++++++++++++---------
 examples/variables.tf | 12 ++++++++++++
 scripts/alternat.sh | 8 +++-----
 test/alternat_test.go | 1 +
 4 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/examples/main.tf b/examples/main.tf
index 1018a77..3cf8ad0 100644
--- a/examples/main.tf
+++ b/examples/main.tf
@@ -8,12 +8,26 @@ module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
 version = "~> 4"
- name = var.vpc_name
- cidr = var.vpc_cidr
- private_subnets = var.private_subnets
- public_subnets = var.public_subnets
- azs = local.azs
- enable_nat_gateway = var.enable_nat_gateway
+ name = var.vpc_name
+ cidr = var.vpc_cidrs
+ secondary_cidr_blocks = [var.vpc_secondary_cidr]
+ private_subnets = var.private_subnets
+ public_subnets = var.public_subnets
+ azs = local.azs
+ enable_nat_gateway = var.enable_nat_gateway
+}
+
+resource "aws_subnet" "secondary_subnets" {
+ count = length(var.vpc_secondary_subnets)
+ vpc_id = module.vpc.vpc_id
+ cidr_block = var.vpc_secondary_subnets[count.index]
+ availability_zone = local.azs[count.index]
+}
+
+resource "aws_route_table_association" "secondary_subnets" {
+ count = length(var.vpc_secondary_subnets)
+ subnet_id = aws_subnet.secondary_subnets[count.index].id
+ route_table_id = module.vpc.private_route_table_ids[count.index]
 }
 data "aws_subnet" "subnet" {
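Review bot: `cidr = var.vpc_cidrs` on the new side of the module block references a variable that is not declared anywhere in this patch: the variables.tf hunk still shows `variable "vpc_cidr"` (singular, default `10.10.0.0/16`) and adds only `vpc_secondary_subnets` and `vpc_secondary_cidr`, so unless `vpc_cidrs` is declared in a file not shown, `terraform validate` will reject the example. It reads as a typo for the line it replaces, `cidr = var.vpc_cidr`. Separately, the new `aws_subnet.secondary_subnets` and `aws_route_table_association.secondary_subnets` index `local.azs` and `module.vpc.private_route_table_ids` by `count.index`, so a `vpc_secondary_subnets` list longer than the AZ list fails at plan time with an index error; a `validation` block on the variable, or at least a comment such as `# One secondary subnet per AZ; the list must not be longer than local.azs`, would make that constraint visible.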
@@ -25,9 +39,12 @@ locals {
 vpc_az_maps = [
 for index, rt in module.vpc.private_route_table_ids : {
- az = data.aws_subnet.subnet[index].availability_zone
- route_table_ids = [rt]
- public_subnet_id = module.vpc.public_subnets[index]
+ az = data.aws_subnet.subnet[index].availability_zone
+ route_table_ids = [rt]
+ public_subnet_id = module.vpc.public_subnets[index]
+ # The secondary subnets do not need to be included here. this data is
+ # used for the connectivity test function and VPC endpoint which are
+ # only needed in one subnet per zone.
 private_subnet_ids = [module.vpc.private_subnets[index]]
 }
 ]
diff --git a/examples/variables.tf b/examples/variables.tf
index a8a546d..b424546 100644
--- a/examples/variables.tf
+++ b/examples/variables.tf
@@ -46,6 +46,18 @@ variable "vpc_cidr" {
 default = "10.10.0.0/16"
 }
+variable "vpc_secondary_subnets" {
+ description = "List of private subnets in the secondary cidr space."
+ type = list(string)
+ default = ["10.20.20.0/24", "10.20.21.0/24"]
+}
+
+variable "vpc_secondary_cidr" {
+ description = "A secondary CIDR block to use with the example VPC."
+ type = string
+ default = "10.20.0.0/16"
+}
+
 variable "vpc_name" {
 description = "The name to use for the example VPC."
 type = string
diff --git a/scripts/alternat.sh b/scripts/alternat.sh
index 5f3a87b..3a7455a 100644
--- a/scripts/alternat.sh
+++ b/scripts/alternat.sh
@@ -47,15 +47,13 @@ configure_nat() {
 local vpc_cidr_uri="http://169.254.169.254/latest/meta-data/network/interfaces/macs/${nic_mac}/vpc-ipv4-cidr-blocks"
 echo "Metadata location for vpc ipv4 ranges: $vpc_cidr_uri"
- local vpc_cidr_ranges=$(CURL_WITH_TOKEN "$vpc_cidr_uri")
- if [ $? -ne 0 ]; then
+ readarray vpc_cidrs <<< $(CURL_WITH_TOKEN "$vpc_cidr_uri")
+ if [ ${#vpc_cidrs[*]} -lt 1 ]; then
 panic "Unable to obtain VPC CIDR range from metadata."
 else
- echo "Retrieved VPC CIDR range(s) $vpc_cidr_ranges from metadata."
+ echo "Retrieved VPC CIDR range(s) ${vpc_cidrs[@]} from metadata."
 fi
- IFS=' ' read -r -a vpc_cidrs <<< $(echo "$vpc_cidr_ranges")
-
 echo "Enabling NAT..."
 # Read more about these settings here: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
diff --git a/test/alternat_test.go b/test/alternat_test.go
index 6541c8f..ac94640 100644
--- a/test/alternat_test.go
+++ b/test/alternat_test.go
@@ -144,6 +144,7 @@ func TestAlternat(t *testing.T) {
 chain postrouting {
 type nat hook postrouting priority srcnat; policy accept;
 ip saddr 10.10.0.0/16 oif "ens5" masquerade
+ ip saddr 10.20.0.0/16 oif "ens5" masquerade
 }
 }
 `
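Review bot: The new failure check `if [ ${#vpc_cidrs[*]} -lt 1 ]; then` can never fire, because a here-string always ends in a newline, so `readarray` produces at least one (possibly empty) element even when CURL_WITH_TOKEN fails or returns nothing, and the exit status of the command substitution is discarded (the removed `local ... ; if [ $? -ne 0 ]` form had the same gap, since `local` masks `$?`). Without `-t`, every element also keeps its trailing newline, which will follow the CIDR into whatever later consumes `vpc_cidrs`; that code, and the rest of configure_nat, lies outside the hunk, as does the definition of `panic`, which I assume exits. I would capture the output first so the status can be checked, split with `readarray -t`, quote the array expansions, and, because these values end up as arguments to firewall rules, reject anything that does not look like an IPv4 prefix before use.
```shell
  local vpc_cidr_ranges
  vpc_cidr_ranges=$(CURL_WITH_TOKEN "$vpc_cidr_uri") || panic "Unable to obtain VPC CIDR range from metadata."
  readarray -t vpc_cidrs <<< "$vpc_cidr_ranges"
  if [ "${#vpc_cidrs[@]}" -lt 1 ] || [ -z "${vpc_cidrs[0]}" ]; then
    panic "Unable to obtain VPC CIDR range from metadata."
  fi
  # Metadata is expected to return one a.b.c.d/n prefix per line; anything else is a misread, not a rule.
  for cidr in "${vpc_cidrs[@]}"; do
    [[ "$cidr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]] || panic "Unexpected VPC CIDR value from metadata: $cidr"
  done
  echo "Retrieved VPC CIDR range(s) ${vpc_cidrs[*]} from metadata."
  # … unchanged: "Enabling NAT..." and the sysctl settings …
```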