chore: improved openstack network handling

.gitignore

@@ -32,3 +32,7 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+# ignore examples terraform dependency management files and directories
+examples/.terraform
+examples/.terraform.lock.hcl

README.md

@@ -46,7 +46,7 @@ No modules.
 | <a name="input_argocd_daemon_name"></a> [argocd\_daemon\_name](#input\_argocd\_daemon\_name) | Name of the ArgoCD daemon namespace. | `string` | `"argo-daemon"` | no |
 | <a name="input_cidr_ranges"></a> [cidr\_ranges](#input\_cidr\_ranges) | All different CIDR ranges for the different needed IP ranges for a cluster | <pre>object({<br>    services_cidr = string<br>    pods_cidr     = string<br>  })</pre> | <pre>{<br>  "pods_cidr": "10.0.0.0/16",<br>  "services_cidr": "10.240.0.0/16"<br>}</pre> | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the created cluster (must be unique per Metakube project) | `string` | n/a | yes |
-| <a name="input_cluster_rbac"></a> [cluster\_rbac](#input\_cluster\_rbac) | n/a | <pre>map(list(object({<br>    kind = string<br>    name = string<br>  })))</pre> | n/a | yes |
+| <a name="input_cluster_rbac"></a> [cluster\_rbac](#input\_cluster\_rbac) | The RBAC configuration for the cluster. The key is the name of the cluster role and the value is a list of subjects. | <pre>map(list(object({<br>    kind = string<br>    name = string<br>  })))</pre> | n/a | yes |
 | <a name="input_cluster_update_window"></a> [cluster\_update\_window](#input\_cluster\_update\_window) | The update window for the cluster. If set to null, no update window will be set. | <pre>object({<br>    start  = string<br>    length = string<br>  })</pre> | `null` | no |
 | <a name="input_dc_name"></a> [dc\_name](#input\_dc\_name) | Datacenter name at SysEleven (DBl, ...) | `string` | `"syseleven-dbl1"` | no |
 | <a name="input_default_priority_classes_enabled"></a> [default\_priority\_classes\_enabled](#input\_default\_priority\_classes\_enabled) | Enable the creation of the default priority classes. If set to false, the default priority classes will not be created. Default priority classes are: ingress-critical (100000000), monitoring-critical (99900000), logging-critical (99800000), platform-critical (99700000) | `bool` | `true` | no |
@@ -55,7 +55,7 @@ No modules.
 | <a name="input_node_pools"></a> [node\_pools](#input\_node\_pools) | List all node pools that should be created in the cluster | <pre>map(object({<br>    replicas = object({<br>      min = number<br>      max = number<br>    })<br>    labels = optional(map(string))<br>    os_config = object({<br>      image       = string<br>      auto_update = bool<br>    })<br>    node_config = object({<br>      flavor          = string<br>      use_floating_ip = bool<br>    })<br>    taints = optional(list(object({<br>      key    = string<br>      value  = string<br>      effect = string<br>    })))<br>  }))</pre> | n/a | yes |
 | <a name="input_openstack_application_credential_id"></a> [openstack\_application\_credential\_id](#input\_openstack\_application\_credential\_id) | The OpenStack application credential ID to use for the metakube cluster | `string` | n/a | yes |
 | <a name="input_openstack_application_credential_secret"></a> [openstack\_application\_credential\_secret](#input\_openstack\_application\_credential\_secret) | The OpenStack application credential to use for the metakube cluster | `string` | n/a | yes |
-| <a name="input_openstack_network_config"></a> [openstack\_network\_config](#input\_openstack\_network\_config) | n/a | <pre>object({<br>    network_id  = optional(string)<br>    subnet_id   = optional(string)<br>    subnet_cidr = optional(string)<br>  })</pre> | n/a | yes |
+| <a name="input_openstack_network_config"></a> [openstack\_network\_config](#input\_openstack\_network\_config) | The network configuration for the metakube cluster. Either network\_name or subnet\_id or subnet\_cidr must be set. | <pre>object({<br>    network_name = optional(string)<br>    subnet_id    = optional(string)<br>    subnet_cidr  = optional(string)<br>  })</pre> | n/a | yes |
 | <a name="input_syseleven_auth_realm"></a> [syseleven\_auth\_realm](#input\_syseleven\_auth\_realm) | The realm to use for the syseleven auth | `string` | n/a | yes |
 
 ## Outputs

examples/with_openstack_subnet_cidr.tf

@@ -0,0 +1,39 @@
+module "with_openstack_subnet_cidr" {
+  source = "../"
+
+  cluster_name                            = "example-cluster"
+  openstack_application_credential_id     = "abc"
+  openstack_application_credential_secret = "abc"
+
+  openstack_network_config = {
+    subnet_cidr = "10.0.0.0/24"
+  }
+
+  cluster_rbac = {
+    "name" = [ {
+      kind = "value"
+      name = "value"
+    } ]
+  }
+
+  syseleven_auth_realm = "example"
+
+  metakube_project_id = "example"
+
+  node_pools = {
+    "example" = {
+      node_config = {
+        flavor          = "example"
+        use_floating_ip = false
+      }
+      os_config = {
+        auto_update = false
+        image       = "example"
+      }
+      replicas = {
+        max = 0
+        min = 0
+      }
+    }
+  }
+}

examples/with_opentstack_subnet_id.tf

@@ -0,0 +1,40 @@
+module "with_opentstack_subnet_id" {
+  source = "../"
+
+  cluster_name                            = "example-cluster"
+  openstack_application_credential_id     = "abc"
+  openstack_application_credential_secret = "abc"
+
+  openstack_network_config = {
+    network_name = "example"
+    subnet_id    = "example"
+  }
+
+  cluster_rbac = {
+    "name" = [{
+      kind = "value"
+      name = "value"
+    }]
+  }
+
+  syseleven_auth_realm = "example"
+
+  metakube_project_id = "example"
+
+  node_pools = {
+    "example" = {
+      node_config = {
+        flavor          = "example"
+        use_floating_ip = false
+      }
+      os_config = {
+        auto_update = false
+        image       = "example"
+      }
+      replicas = {
+        max = 0
+        min = 0
+      }
+    }
+  }
+}

main.tf

@@ -19,9 +19,9 @@ resource "metakube_cluster" "this" {
           id     = var.openstack_application_credential_id
           secret = var.openstack_application_credential_secret
         }
-        network     = var.openstack_network_config.network_id != null && var.openstack_network_config.subnet_id != null ? var.openstack_network_config.network_id : null
-        subnet_id   = var.openstack_network_config.network_id != null && var.openstack_network_config.subnet_id != null ? var.openstack_network_config.subnet_id : null
-        subnet_cidr = (var.openstack_network_config.network_id == null && var.openstack_network_config.subnet_id == null) && var.openstack_network_config.subnet_cidr != null ? var.openstack_network_config.subnet_cidr : null
+        network     = var.openstack_network_config.network_name
+        subnet_id   = var.openstack_network_config.subnet_id
+        subnet_cidr = var.openstack_network_config.subnet_cidr
       }
     }
     // configure OIDC authentication

variables.tf

@@ -41,10 +41,20 @@ variable "openstack_application_credential_secret" {
 
 variable "openstack_network_config" {
   type = object({
-    network_id  = optional(string)
-    subnet_id   = optional(string)
-    subnet_cidr = optional(string)
+    network_name = optional(string)
+    subnet_id    = optional(string)
+    subnet_cidr  = optional(string)
   })
+  nullable    = true
+  description = "The network configuration for the metakube cluster. Either network_name or subnet_id or subnet_cidr must be set."
+  validation {
+    condition     = ((var.openstack_network_config.network_name == null && var.openstack_network_config.subnet_id == null) && var.openstack_network_config.subnet_cidr != null) || ((var.openstack_network_config.network_name != null && var.openstack_network_config.subnet_id != null) && var.openstack_network_config.subnet_cidr == null)
+    error_message = "Either network_name and subnet_id or subnet_cidr must be set."
+  }
+  validation {
+    condition     = var.openstack_network_config.subnet_cidr != null ? can(regex("^((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}/([1|2]+\\d|8|9)$", var.openstack_network_config.subnet_cidr)) : true
+    error_message = "No valid IP range in CIDR given in field openstack_network_config.subnet_cidr"
+  }
 }
 
 variable "syseleven_auth_realm" {
@@ -110,6 +120,7 @@ variable "cluster_rbac" {
     kind = string
     name = string
   })))
+  description = "The RBAC configuration for the cluster. The key is the name of the cluster role and the value is a list of subjects."
 }
 
 variable "argocd_daemon_enabled" {