From e38f845062c54902697805fbce2ae000d6a6612d Mon Sep 17 00:00:00 2001
From: Mrugesh Mohapatra
Date: Wed, 15 Jan 2025 00:17:23 +0530
Subject: [PATCH] fix(new-api): add tags and filter on them in FW
---
 terraform/ops-standalone/main.tf | 14 ++++++++++++++
 terraform/ops-standalone/next-00-backoffice.tf | 16 ++++++++++++++--
 terraform/prd-cluster-oldeworld/next-04-api.tf | 5 ++++-
 terraform/stg-cluster-oldeworld/next-04-api.tf | 5 ++++-
 4 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/terraform/ops-standalone/main.tf b/terraform/ops-standalone/main.tf
index fd16cd8e..bd71ef26 100644
--- a/terraform/ops-standalone/main.tf
+++ b/terraform/ops-standalone/main.tf
@@ -39,3 +39,17 @@ data "linode_instances" "prd_oldeworld_jms" {
 values = ["prd_oldeworld_jms"]
 }
 }
+
+data "linode_instances" "stg_oldeworld_api" {
+ filter {
+ name = "tags"
+ values = ["stg_oldeworld_api", "new"]
+ }
+}
+
+data "linode_instances" "prd_oldeworld_api" {
+ filter {
+ name = "tags"
+ values = ["prd_oldeworld_api", "new"]
+ }
+}
diff --git a/terraform/ops-standalone/next-00-backoffice.tf b/terraform/ops-standalone/next-00-backoffice.tf
index ab365163..3ee3bcae 100644
--- a/terraform/ops-standalone/next-00-backoffice.tf
+++ b/terraform/ops-standalone/next-00-backoffice.tf
@@ -130,7 +130,13 @@ resource "linode_firewall" "ops_backoffice_firewall" {
 action = "ACCEPT"
 ipv4 = flatten([
 [for i in data.linode_instances.stg_oldeworld_jms.instances : "${i.private_ip_address}/32"],
- [for i in data.linode_instances.prd_oldeworld_jms.instances : "${i.private_ip_address}/32"]
+ [for i in data.linode_instances.prd_oldeworld_jms.instances : "${i.private_ip_address}/32"],
+ [for i in data.linode_instances.stg_oldeworld_api.instances :
+ contains(i.tags, "new_api") ? ["${i.private_ip_address}/32"] : []
+ ],
+ [for i in data.linode_instances.prd_oldeworld_api.instances :
+ contains(i.tags, "new_api") ? ["${i.private_ip_address}/32"] : []
+ ]
 ])
 }
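Review bot: The second filter value `"new"` in both added data sources (`stg_oldeworld_api` and `prd_oldeworld_api`) matches no tag this commit assigns; the cluster files add `new_api`, not `new`. If the provider treats multiple `values` as any-of, which is how I read its filter semantics, an instance from any environment that carries a `new` tag would be returned by these lookups, and the firewall expression that consumes them only checks for `new_api`. I would narrow each lookup to the environment tag, `values = ["stg_oldeworld_api"]` and `values = ["prd_oldeworld_api"]`, so the data source itself bounds which instances can ever reach the ACCEPT list.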
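Review bot: The added comprehensions in this `ipv4` list, and the identical pair in the hunk at -141/+147, decide membership in an ACCEPT rule on the backoffice firewall from `contains(i.tags, "new_api")` alone, so a mutable instance tag is the access-control input and nothing at the point of use documents that. A short comment above the list stating why only `new_api` nodes are admitted, and that tag changes alter firewall reachability, would make that explicit. The ternary-into-empty-list form also leans on `flatten` to discard the empties; a filtering `for` says the same thing directly: `[for i in data.linode_instances.prd_oldeworld_api.instances : "${i.private_ip_address}/32" if contains(i.tags, "new_api")]`. The rule block opens above the hunk, so the ports and protocol being opened are not visible here.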
@@ -141,7 +147,13 @@ resource "linode_firewall" "ops_backoffice_firewall" {
 action = "ACCEPT"
 ipv4 = flatten([
 [for i in data.linode_instances.stg_oldeworld_jms.instances : "${i.private_ip_address}/32"],
- [for i in data.linode_instances.prd_oldeworld_jms.instances : "${i.private_ip_address}/32"]
+ [for i in data.linode_instances.prd_oldeworld_jms.instances : "${i.private_ip_address}/32"],
+ [for i in data.linode_instances.stg_oldeworld_api.instances :
+ contains(i.tags, "new_api") ? ["${i.private_ip_address}/32"] : []
+ ],
+ [for i in data.linode_instances.prd_oldeworld_api.instances :
+ contains(i.tags, "new_api") ? ["${i.private_ip_address}/32"] : []
+ ]
 ])
 }
diff --git a/terraform/prd-cluster-oldeworld/next-04-api.tf b/terraform/prd-cluster-oldeworld/next-04-api.tf
index 7d437b5e..f3c058ae 100644
--- a/terraform/prd-cluster-oldeworld/next-04-api.tf
+++ b/terraform/prd-cluster-oldeworld/next-04-api.tf
@@ -9,7 +9,10 @@ resource "linode_instance" "prd_oldeworld_api" {
 # NOTE:
 # Value should use '_' as sepratator for compatibility with Ansible Dynamic Inventory
- tags = ["prd", "oldeworld", "api", "prd_oldeworld_api"]
+ tags = concat(
+ ["prd", "oldeworld", "api", "prd_oldeworld_api"],
+ count.index > 2 ? ["new_api"] : []
+ )
 lifecycle {
 ignore_changes = [
diff --git a/terraform/stg-cluster-oldeworld/next-04-api.tf b/terraform/stg-cluster-oldeworld/next-04-api.tf
index 6bfcc458..a95b08da 100644
--- a/terraform/stg-cluster-oldeworld/next-04-api.tf
+++ b/terraform/stg-cluster-oldeworld/next-04-api.tf
@@ -9,7 +9,10 @@ resource "linode_instance" "stg_oldeworld_api" {
 # NOTE:
 # Value should use '_' as sepratator for compatibility with Ansible Dynamic Inventory
- tags = ["stg", "oldeworld", "api", "stg_oldeworld_api"]
+ tags = concat(
+ ["stg", "oldeworld", "api", "stg_oldeworld_api"],
+ count.index > 2 ? ["new_api"] : []
+ )
 lifecycle {
 ignore_changes = [
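Review bot: `count.index > 2` in the new `tags` expression of `prd_oldeworld_api` is an unexplained threshold that decides which API nodes receive `new_api`, and through that tag which nodes the ops backoffice firewall admits; the same expression is repeated in `stg-cluster-oldeworld/next-04-api.tf`. A named local with a one-line comment, for example `new_api_start_index = 3` used as `count.index >= local.new_api_start_index`, would make the boundary reviewable and keep the two environments from drifting apart silently. The `lifecycle` block's `ignore_changes` list opens in this hunk but its entries lie outside it; if `tags` is among them, already-created instances would presumably never pick up the new tag, so that is worth confirming before relying on the firewall rule.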