Compute set of all instance tags in module.design

cmd-ntrf · cmd-ntrf · commit 83370025e9bd · 2025-04-11T12:05:09.000-04:00
Use the set of tags in network and aws to avoid creating a
placement group when not required to.
diff --git a/aws/infrastructure.tf b/aws/infrastructure.tf
@@ -67,6 +67,7 @@ locals {
 }
 
 resource "aws_placement_group" "efa_group" {
+  count    = contains(module.design.all_instance_tags, "efa") ? 1 : 0
   name     = "${var.cluster_name}-efa-placement_group"
   strategy = "cluster"
 }
@@ -87,7 +88,7 @@ resource "aws_instance" "instances" {
   ami               = lookup(each.value, "image", var.image)
   user_data         = base64gzip(module.configuration.user_data[each.key])
   availability_zone = local.availability_zone
-  placement_group   = contains(each.value.tags, "efa") ? aws_placement_group.efa_group.id : null
+  placement_group   = contains(each.value.tags, "efa") ? aws_placement_group.efa_group[0].id : null
 
   key_name          = aws_key_pair.key.key_name
 
diff --git a/aws/network.tf b/aws/network.tf
@@ -48,8 +48,7 @@ resource "aws_security_group" "allow_out_any" {
 }
 
 locals {
-  all_tags   = toset(flatten([ for key, value in module.design.instances: value.tags ]))
-  sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(local.all_tags, rule.tag) ])
+  sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(module.design.all_instance_tags, rule.tag) ])
 }
 
 resource "aws_security_group" "external" {
diff --git a/common/design/outputs.tf b/common/design/outputs.tf
@@ -21,3 +21,7 @@ output "domain_name" {
 output "bastion_tag" {
   value = local.bastion_tag
 }
+
+output "all_instance_tags" {
+  value = toset(flatten([for instance in local.instances: instance.tags]))
+}
diff --git a/gcp/network.tf b/gcp/network.tf
@@ -46,12 +46,8 @@ resource "google_compute_firewall" "allow_all_internal" {
 
 }
 
-locals {
-  all_tags = toset(flatten([ for key, value in module.design.instances: value.tags ]))
-}
-
 resource "google_compute_firewall" "default" {
-  for_each = { for name, rule in var.firewall_rules: name => rule if contains(local.all_tags, rule.tag) }
+  for_each = { for name, rule in var.firewall_rules: name => rule if contains(module.design.all_instance_tags, rule.tag) }
   name     = format("%s-%s", var.cluster_name, lower(each.key))
   network  = google_compute_network.network.self_link
 
diff --git a/openstack/network-2.tf b/openstack/network-2.tf
@@ -31,8 +31,7 @@ resource openstack_networking_secgroup_rule_v2 "udp" {
 }
 
 locals {
-  all_tags   = toset(flatten([ for key, value in module.design.instances: value.tags ]))
-  sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(local.all_tags, rule.tag) ])
+  sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(module.design.all_instance_tags, rule.tag) ])
 }
 
 resource "openstack_networking_secgroup_v2" "external" {

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@ locals {`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`resource "aws_placement_group" "efa_group" {`
	`70`	`+ count = contains(module.design.all_instance_tags, "efa") ? 1 : 0`
`70`	`71`	`name = "${var.cluster_name}-efa-placement_group"`
`71`	`72`	`strategy = "cluster"`
`72`	`73`	`}`
`@@ -87,7 +88,7 @@ resource "aws_instance" "instances" {`
`87`	`88`	`ami = lookup(each.value, "image", var.image)`
`88`	`89`	`user_data = base64gzip(module.configuration.user_data[each.key])`
`89`	`90`	`availability_zone = local.availability_zone`
`90`		`- placement_group = contains(each.value.tags, "efa") ? aws_placement_group.efa_group.id : null`
	`91`	`+ placement_group = contains(each.value.tags, "efa") ? aws_placement_group.efa_group[0].id : null`
`91`	`92`
`92`	`93`	`key_name = aws_key_pair.key.key_name`
`93`	`94`
Original file line number	Diff line number	Diff line change
`@@ -48,8 +48,7 @@ resource "aws_security_group" "allow_out_any" {`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`locals {`
`51`		`- all_tags = toset(flatten([ for key, value in module.design.instances: value.tags ]))`
`52`		`- sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(local.all_tags, rule.tag) ])`
	`51`	`+ sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(module.design.all_instance_tags, rule.tag) ])`
`53`	`52`	`}`
`54`	`53`
`55`	`54`	`resource "aws_security_group" "external" {`
Original file line number	Diff line number	Diff line change
`@@ -21,3 +21,7 @@ output "domain_name" {`
`21`	`21`	`output "bastion_tag" {`
`22`	`22`	`value = local.bastion_tag`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+output "all_instance_tags" {`
	`26`	`+ value = toset(flatten([for instance in local.instances: instance.tags]))`
	`27`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -31,8 +31,7 @@ resource openstack_networking_secgroup_rule_v2 "udp" {`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`locals {`
`34`		`- all_tags = toset(flatten([ for key, value in module.design.instances: value.tags ]))`
`35`		`- sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(local.all_tags, rule.tag) ])`
	`34`	`+ sec_groups = toset([ for name, rule in var.firewall_rules: rule.tag if contains(module.design.all_instance_tags, rule.tag) ])`
`36`	`35`	`}`
`37`	`36`
`38`	`37`	`resource "openstack_networking_secgroup_v2" "external" {`