use availability zones to determine subnets cidr blocks (#32)

* use availability zones to determine subnets cidr blocks

* remove vpc_secondary_cidr default value

* calculate newbits dynamically based on the number of availability zones

* update pre-commit hooks version

Author: nerahou

Diff for: .github/workflows/checks.yaml

@@ -23,5 +23,13 @@ jobs:
         uses: actions/checkout@v3
 
       - uses: actions/setup-python@v3
+        with:
+          python-version: "3.10"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "^1.5.0"
+          terraform_wrapper: false
 
       - uses: pre-commit/[email protected]

Diff for: .pre-commit-config.yaml

@@ -1,29 +1,29 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.82.0
+    rev: v1.96.3
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
       - id: terraform_docs
         args:
-          - '--args=--lockfile=false'
-          - '--hook-config=--path-to-file=README.md'
-          - '--hook-config=--create-file-if-not-exist=true'
+          - "--args=--lockfile=false"
+          - "--hook-config=--path-to-file=README.md"
+          - "--hook-config=--create-file-if-not-exist=true"
       - id: terraform_tflint
         args:
-          - '--args=--only=terraform_deprecated_interpolation'
-          - '--args=--only=terraform_deprecated_index'
-          - '--args=--only=terraform_unused_declarations'
-          - '--args=--only=terraform_comment_syntax'
-          - '--args=--only=terraform_documented_outputs'
-          - '--args=--only=terraform_documented_variables'
-          - '--args=--only=terraform_typed_variables'
-          - '--args=--only=terraform_module_pinned_source'
-          - '--args=--only=terraform_naming_convention'
-          - '--args=--only=terraform_required_version'
-          - '--args=--only=terraform_required_providers'
-          - '--args=--only=terraform_standard_module_structure'
-          - '--args=--only=terraform_workspace_remote'
+          - "--args=--only=terraform_deprecated_interpolation"
+          - "--args=--only=terraform_deprecated_index"
+          - "--args=--only=terraform_unused_declarations"
+          - "--args=--only=terraform_comment_syntax"
+          - "--args=--only=terraform_documented_outputs"
+          - "--args=--only=terraform_documented_variables"
+          - "--args=--only=terraform_typed_variables"
+          - "--args=--only=terraform_module_pinned_source"
+          - "--args=--only=terraform_naming_convention"
+          - "--args=--only=terraform_required_version"
+          - "--args=--only=terraform_required_providers"
+          - "--args=--only=terraform_standard_module_structure"
+          - "--args=--only=terraform_workspace_remote"
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0
     hooks:

Diff for: main.tf

@@ -14,6 +14,16 @@
  * limitations under the License.
 */
 
+data "aws_region" "current" {}
+
+locals {
+  # Calculate newbits dynamically based on the number of availability zones
+  # 1 or 2 AZs, newbits = 1 (2 subnets needed).
+  # 3 or 4 AZs, newbits = 2 (4 subnets needed).
+  # 5 to 8 AZs, newbits = 3 (8 subnets needed).
+  # and so on...
+  newbits = ceil(log(length(var.availability_zones), 2))
+}
 
 # VPC
 resource "aws_vpc" "quortex" {
@@ -38,13 +48,22 @@ resource "aws_default_security_group" "quortex" {
 }
 
 resource "aws_vpc_ipv4_cidr_block_association" "secondary" {
-  for_each   = var.vpc_secondary_cidrs
+  for_each   = toset([for index, az in var.availability_zones : cidrsubnet(var.vpc_secondary_cidr, local.newbits, index)])
   vpc_id     = aws_vpc.quortex.id
   cidr_block = each.value
 }
 
 resource "aws_subnet" "quortex" {
-  for_each = var.subnets
+  for_each = merge([
+    for key, subnet in var.subnets : {
+      for index, az in var.availability_zones : "${key}-${data.aws_region.current.name}${az}" => {
+        "availability_zone" = "${data.aws_region.current.name}${az}",
+        "cidr"              = cidrsubnet(subnet.cidr, local.newbits, index),
+        "public"            = subnet.public,
+        "tags"              = subnet.tags,
+      }
+    }
+  ]...)
 
   vpc_id                  = aws_vpc.quortex.id
   availability_zone       = each.value.availability_zone

Diff for: variables.tf

@@ -20,12 +20,6 @@ variable "vpc_name" {
   default     = "quortex"
 }
 
-variable "vpc_secondary_cidrs" {
-  type        = set(string)
-  description = "IPv4 secondary CIDRs to add to the VPC."
-  default     = []
-}
-
 variable "cluster_name" {
   type        = string
   description = "The name of the EKS cluster. Will be used to set the kubernetes.io/cluster/<cluster-name> tag on the VPC and subnets. It is required for Kubernetes to discover them."
@@ -71,10 +65,10 @@ variable "vpc_cidr_block" {
 }
 
 variable "subnets" {
-  type        = map(object({ availability_zone = string, cidr = string, public = bool, tags = optional(map(string), {}) }))
+  type        = map(object({ cidr = string, public = bool, tags = optional(map(string), {}) }))
   description = <<EOT
 A map representing the subnets that need to be created. Each item should
-specify the subnet's Availability Zone, cidr block, whether the subnet
+specify the subnet's cidr block, whether the subnet
 should be public or not and optionally extra tags to add.
 EOT
 }
@@ -96,3 +90,13 @@ variable "tags" {
   description = "The tags (a map of key/value pairs) to be applied to created resources."
   default     = {}
 }
+
+variable "vpc_secondary_cidr" {
+  type        = string
+  description = "IPv4 secondary CIDR to add to the VPC."
+}
+
+variable "availability_zones" {
+  type        = list(string)
+  description = "The availability zones to use."
+}