Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: Add labels to contract subjects and epg/esg #184

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Feature: Add labels to contract subjects and epg/esg #184

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
214574c
Feature: Add labels to contract subjects and epg/esg
therealdoug Dec 18, 2024
d5da627
Documentation and pre-commit updates
therealdoug Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
137 changes: 128 additions & 9 deletions aci_tenants.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,25 @@ locals {
bgp_route_summarization_policy = try(subnet.bgp_route_summarization_policy, null) != null ? "${subnet.bgp_route_summarization_policy}${local.defaults.apic.tenants.policies.bgp_route_summarization_policies.name_suffix}" : null
}]
}]
provider_subject_labels = [for label in try(vrf.subject_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.vrfs.provider_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.vrfs.provider_subject_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.vrfs.provider_subject_labels.is_complement)
}]
consumer_subject_labels = [for label in try(vrf.subject_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.vrfs.consumer_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.vrfs.consumer_subject_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.vrfs.consumer_subject_labels.is_complement)
}]
provider_epg_labels = [for label in try(vrf.epg_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.vrfs.provider_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.vrfs.provider_epg_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.vrfs.provider_epg_labels.is_complement)
}]
consumer_epg_labels = [for label in try(vrf.epg_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.vrfs.consumer_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.vrfs.consumer_epg_labels.tag)
}]
}
]
])
Expand Down Expand Up @@ -164,6 +183,10 @@ module "aci_vrf" {
leaked_internal_prefixes = each.value.leaked_internal_prefixes
leaked_external_prefixes = each.value.leaked_external_prefixes
route_summarization_policies = each.value.route_summarization_policies
provider_subject_labels = each.value.provider_subject_labels
consumer_subject_labels = each.value.consumer_subject_labels
provider_epg_labels = each.value.provider_epg_labels
consumer_epg_labels = each.value.consumer_epg_labels

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -429,6 +452,23 @@ locals {
from = try(ap.from, "")
to = try(ap.to, "")
}]
provider_epg_labels = [for label in try(epg.epg_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_groups.provider_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_groups.provider_epg_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.application_profiles.endpoint_groups.provider_epg_labels.is_complement)
}]
consumer_epg_labels = [for label in try(epg.epg_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_groups.consumer_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_groups.consumer_epg_labels.tag)
}]
provider_subject_labels = [for label in try(epg.subject_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_groups.provider_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_groups.provider_subject_labels.tag)
}]
consumer_subject_labels = [for label in try(epg.subject_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_groups.consumer_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_groups.consumer_subject_labels.tag)
}]
}
]
]
Expand Down Expand Up @@ -504,8 +544,12 @@ module "aci_endpoint_group" {
vlan = se.vlan
additional_ips = se.additional_ips
}]
l4l7_virtual_ips = each.value.l4l7_virtual_ips
l4l7_address_pools = each.value.l4l7_address_pools
l4l7_virtual_ips = each.value.l4l7_virtual_ips
l4l7_address_pools = each.value.l4l7_address_pools
provider_epg_labels = each.value.provider_epg_labels
consumer_epg_labels = each.value.consumer_epg_labels
provider_subject_labels = each.value.provider_subject_labels
consumer_subject_labels = each.value.consumer_subject_labels

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -598,6 +642,23 @@ locals {
from = try(ap.from, "")
to = try(ap.to, "")
}]
provider_useg_epg_labels = [for label in try(useg_epg.useg_epg_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.provider_useg_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.provider_useg_epg_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.provider_useg_epg_labels.is_complement)
}]
consumer_useg_epg_labels = [for label in try(useg_epg.useg_epg_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.consumer_useg_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.consumer_useg_epg_labels.tag)
}]
provider_subject_labels = [for label in try(useg_epg.subject_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.provider_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.provider_subject_labels.tag)
}]
consumer_subject_labels = [for label in try(useg_epg.subject_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.consumer_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.useg_endpoint_groups.consumer_subject_labels.tag)
}]
}
]
]
Expand Down Expand Up @@ -636,7 +697,11 @@ module "aci_useg_endpoint_group" {
pod_id = sl.pod_id == null ? try([for node in try(local.node_policies.nodes, []) : node.pod if node.id == sl.node_id][0], local.defaults.apic.node_policies.nodes.pod) : sl.pod_id
node_id = sl.node_id
}]
l4l7_address_pools = each.value.l4l7_address_pools
l4l7_address_pools = each.value.l4l7_address_pools
provider_useg_epg_labels = each.value.provider_useg_epg_labels
consumer_useg_epg_labels = each.value.consumer_useg_epg_labels
provider_subject_labels = each.value.provider_subject_labels
consumer_subject_labels = each.value.consumer_subject_labels

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -688,6 +753,23 @@ locals {
value = sel.value
description = try(sel.description, "")
}]
provider_esg_labels = [for label in try(esg.esg_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_security_groups.provider_esg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_security_groups.provider_esg_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.application_profiles.endpoint_security_groups.provider_esg_labels.is_complement)
}]
consumer_esg_labels = [for label in try(esg.esg_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_security_groups.consumer_esg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_security_groups.consumer_esg_labels.tag)
}]
provider_subject_labels = [for label in try(esg.subject_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_security_groups.provider_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_security_groups.provider_subject_labels.tag)
}]
consumer_subject_labels = [for label in try(esg.subject_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.application_profiles.endpoint_security_groups.consumer_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.application_profiles.endpoint_security_groups.consumer_subject_labels.tag)
}]
}
]
]
Expand All @@ -714,6 +796,10 @@ module "aci_endpoint_security_group" {
tag_selectors = each.value.tag_selectors
epg_selectors = each.value.epg_selectors
ip_subnet_selectors = each.value.ip_subnet_selectors
provider_esg_labels = each.value.provider_esg_labels
consumer_esg_labels = each.value.consumer_esg_labels
provider_subject_labels = each.value.provider_subject_labels
consumer_subject_labels = each.value.consumer_subject_labels

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -1487,6 +1573,23 @@ locals {
direction = try(rcp.direction, local.defaults.apic.tenants.l3outs.external_endpoint_groups.subnets.route_control_profiles.direction)
}]
}]
provider_epg_labels = [for label in try(epg.epg_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.l3outs.external_endpoint_groups.provider_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.l3outs.external_endpoint_groups.provider_epg_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.l3outs.external_endpoint_groups.provider_epg_labels.is_complement)
}]
consumer_epg_labels = [for label in try(epg.epg_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.l3outs.external_endpoint_groups.consumer_epg_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.l3outs.external_endpoint_groups.consumer_epg_labels.tag)
}]
provider_subject_labels = [for label in try(epg.subject_labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.l3outs.external_endpoint_groups.provider_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.l3outs.external_endpoint_groups.provider_subject_labels.tag)
}]
consumer_subject_labels = [for label in try(epg.subject_labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.l3outs.external_endpoint_groups.consumer_subject_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.l3outs.external_endpoint_groups.consumer_subject_labels.tag)
}]
}
]
]
Expand All @@ -1511,6 +1614,10 @@ module "aci_external_endpoint_group" {
contract_imported_consumers = each.value.contract_imported_consumers
route_control_profiles = each.value.route_control_profiles
subnets = each.value.subnets
consumer_epg_labels = each.value.consumer_epg_labels
provider_epg_labels = each.value.provider_epg_labels
consumer_subject_labels = each.value.consumer_subject_labels
provider_subject_labels = each.value.provider_subject_labels

depends_on = [
module.aci_tenant,
Expand Down Expand Up @@ -1809,19 +1916,31 @@ locals {
qos_class = try(contract.qos_class, local.defaults.apic.tenants.contracts.qos_class)
target_dscp = try(contract.target_dscp, local.defaults.apic.tenants.contracts.target_dscp)
subjects = [for subject in try(contract.subjects, []) : {
name = "${subject.name}${local.defaults.apic.tenants.contracts.subjects.name_suffix}"
alias = try(subject.alias, "")
description = try(subject.description, "")
service_graph = try("${subject.service_graph}${local.defaults.apic.tenants.services.service_graph_templates.name_suffix}", null)
qos_class = try(subject.qos_class, local.defaults.apic.tenants.contracts.subjects.qos_class)
target_dscp = try(subject.target_dscp, local.defaults.apic.tenants.contracts.subjects.target_dscp)
name = "${subject.name}${local.defaults.apic.tenants.contracts.subjects.name_suffix}"
alias = try(subject.alias, "")
description = try(subject.description, "")
service_graph = try("${subject.service_graph}${local.defaults.apic.tenants.services.service_graph_templates.name_suffix}", null)
qos_class = try(subject.qos_class, local.defaults.apic.tenants.contracts.subjects.qos_class)
target_dscp = try(subject.target_dscp, local.defaults.apic.tenants.contracts.subjects.target_dscp)
provider_label_match = try(subject.provider_label_match, local.defaults.apic.tenants.contracts.subjects.provider_label_match)
consumer_label_match = try(subject.consumer_label_match, local.defaults.apic.tenants.contracts.subjects.consumer_label_match)
filters = [for filter in try(subject.filters, []) : {
filter = "${filter.filter}${local.defaults.apic.tenants.filters.name_suffix}"
action = try(filter.action, local.defaults.apic.tenants.contracts.subjects.filters.action)
priority = try(filter.priority, local.defaults.apic.tenants.contracts.subjects.filters.priority)
log = try(filter.log, local.defaults.apic.tenants.contracts.subjects.filters.log)
no_stats = try(filter.no_stats, local.defaults.apic.tenants.contracts.subjects.filters.no_stats)
}]
provider_labels = [for label in try(subject.labels.providers, []) : {
name = "${label.name}${local.defaults.apic.tenants.contracts.subjects.provider_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.contracts.subjects.provider_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.contracts.subjects.provider_labels.is_complement)
}]
consumer_labels = [for label in try(subject.labels.consumers, []) : {
name = "${label.name}${local.defaults.apic.tenants.contracts.subjects.consumer_labels.name_suffix}"
tag = try(label.tag, local.defaults.apic.tenants.contracts.subjects.consumer_labels.tag)
is_complement = try(label.is_complement, local.defaults.apic.tenants.contracts.subjects.consumer_labels.is_complement)
}]
}]
}
]
Expand Down
72 changes: 72 additions & 0 deletions defaults/defaults.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -806,6 +806,22 @@ defaults:
name_suffix: ""
nodes:
pod: 1
provider_subject_labels:
name_suffix: ""
tag: black
is_complement: false
consumer_subject_labels:
name_suffix: ""
tag: black
is_complement: false
provider_epg_labels:
name_suffix: ""
tag: black
is_complement: false
consumer_epg_labels:
name_suffix: ""
tag: black
is_complement: false
bridge_domains:
name_suffix: ""
ndo_managed: false
Expand Down Expand Up @@ -1010,6 +1026,19 @@ defaults:
route_control_profiles:
name_suffix: ""
direction: import
consumer_subject_labels:
name_suffix: ""
tag: black
provider_subject_labels:
name_suffix: ""
tag: black
consumer_epg_labels:
name_suffix: ""
tag: black
provider_epg_labels:
name_suffix: ""
tag: black
is_complement: false
import_route_map:
type: global
contexts:
Expand Down Expand Up @@ -1080,6 +1109,15 @@ defaults:
name_suffix: ""
start_ip: 0.0.0.0
end_ip: 0.0.0.0
consumer_subject_labels:
name_suffix: ""
provider_subject_labels:
name_suffix: ""
consumer_epg_labels:
name_suffix: ""
provider_epg_labels:
name_suffix: ""
is_complement: false
useg_endpoint_groups:
name_suffix: ""
flood_in_encap: false
Expand Down Expand Up @@ -1108,13 +1146,39 @@ defaults:
name_suffix: ""
start_ip: 0.0.0.0
end_ip: 0.0.0.0
consumer_subject_labels:
name_suffix: ""
tag: black
provider_subject_labels:
name_suffix: ""
tag: black
provider_useg_epg_labels:
name_suffix: ""
tag: black
is_complement: false
consumer_useg_epg_labels:
name_suffix: ""
tag: black
endpoint_security_groups:
name_suffix: ""
shutdown: false
intra_esg_isolation: false
preferred_group: false
tag_selectors:
operator: equals
consumer_subject_labels:
name_suffix: ""
tag: black
provider_subject_labels:
name_suffix: ""
tag: black
provider_esg_labels:
name_suffix: ""
tag: black
is_complement: false
consumer_esg_labels:
name_suffix: ""
tag: black
inb_endpoint_groups:
name_suffix: ""
oob_endpoint_groups:
Expand Down Expand Up @@ -1172,6 +1236,14 @@ defaults:
priority: default
log: false
no_stats: false
consumer_label_match: AtleastOne
provider_label_match: AtleastOne
provider_labels:
name_suffix: ""
is_complement: false
consumer_labels:
name_suffix: ""
is_complement: false
imported_contracts:
name_suffix: ""
oob_contracts:
Expand Down
Loading
Loading