From 5bca106f540d9780198e91bceb51bd2a6c0710b2 Mon Sep 17 00:00:00 2001
From: "Jeremy T. Bouse" <jbouse@users.noreply.github.com>
Date: Mon, 25 Apr 2022 01:14:44 -0400
Subject: [PATCH] WIP: Add ipv4_ipam_pool_id & ipv4_netmask_length (#102)

---
 README.md         |  6 ++++--
 docs/terraform.md |  4 +++-
 main.tf           |  2 ++
 variables.tf      | 22 +++++++++++++++++++++-
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index e033aaf..ef8f857 100644
--- a/README.md
+++ b/README.md
@@ -217,7 +217,7 @@ Available targets:
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
 | <a name="input_assign_generated_ipv6_cidr_block"></a> [assign\_generated\_ipv6\_cidr\_block](#input\_assign\_generated\_ipv6\_cidr\_block) | DEPRECATED, use `ipv6_enabled` instead: Whether to assign generated ipv6 cidr block to the VPC | `bool` | `null` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
-| <a name="input_cidr_block"></a> [cidr\_block](#input\_cidr\_block) | IPv4 CIDR to assign to the VPC | `string` | n/a | yes |
+| <a name="input_cidr_block"></a> [cidr\_block](#input\_cidr\_block) | The IPv4 CIDR block for the VPC.<br>Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
 | <a name="input_classiclink_dns_support_enabled"></a> [classiclink\_dns\_support\_enabled](#input\_classiclink\_dns\_support\_enabled) | A boolean flag to enable/disable ClassicLink DNS Support for the VPC | `bool` | `false` | no |
 | <a name="input_classiclink_enabled"></a> [classiclink\_enabled](#input\_classiclink\_enabled) | A boolean flag to enable/disable ClassicLink for the VPC | `bool` | `false` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |
@@ -237,6 +237,8 @@ Available targets:
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_instance_tenancy"></a> [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no |
 | <a name="input_internet_gateway_enabled"></a> [internet\_gateway\_enabled](#input\_internet\_gateway\_enabled) | A boolean flag to enable/disable Internet Gateway creation | `bool` | `true` | no |
+| <a name="input_ipv4_ipam_pool_id"></a> [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.<br>Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
+| <a name="input_ipv4_netmask_length"></a> [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | The netmask length of the IPv4 CIDR you want to allocate to this VPC. | `number` | `16` | no |
 | <a name="input_ipv6_egress_only_internet_gateway_enabled"></a> [ipv6\_egress\_only\_internet\_gateway\_enabled](#input\_ipv6\_egress\_only\_internet\_gateway\_enabled) | A boolean flag to enable/disable IPv6 Egress-Only Internet Gateway creation | `bool` | `false` | no |
 | <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | If `true`, enable IPv6 and assign a generated CIDR block to the VPC | `bool` | `true` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
@@ -359,7 +361,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
 ## Copyright
 
-Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
 
 
 
diff --git a/docs/terraform.md b/docs/terraform.md
index a097c23..debcd5c 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -37,7 +37,7 @@
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no |
 | <a name="input_assign_generated_ipv6_cidr_block"></a> [assign\_generated\_ipv6\_cidr\_block](#input\_assign\_generated\_ipv6\_cidr\_block) | DEPRECATED, use `ipv6_enabled` instead: Whether to assign generated ipv6 cidr block to the VPC | `bool` | `null` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |
-| <a name="input_cidr_block"></a> [cidr\_block](#input\_cidr\_block) | IPv4 CIDR to assign to the VPC | `string` | n/a | yes |
+| <a name="input_cidr_block"></a> [cidr\_block](#input\_cidr\_block) | The IPv4 CIDR block for the VPC.<br>Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
 | <a name="input_classiclink_dns_support_enabled"></a> [classiclink\_dns\_support\_enabled](#input\_classiclink\_dns\_support\_enabled) | A boolean flag to enable/disable ClassicLink DNS Support for the VPC | `bool` | `false` | no |
 | <a name="input_classiclink_enabled"></a> [classiclink\_enabled](#input\_classiclink\_enabled) | A boolean flag to enable/disable ClassicLink for the VPC | `bool` | `false` | no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |
@@ -57,6 +57,8 @@
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_instance_tenancy"></a> [instance\_tenancy](#input\_instance\_tenancy) | A tenancy option for instances launched into the VPC | `string` | `"default"` | no |
 | <a name="input_internet_gateway_enabled"></a> [internet\_gateway\_enabled](#input\_internet\_gateway\_enabled) | A boolean flag to enable/disable Internet Gateway creation | `bool` | `true` | no |
+| <a name="input_ipv4_ipam_pool_id"></a> [ipv4\_ipam\_pool\_id](#input\_ipv4\_ipam\_pool\_id) | The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.<br>Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both. | `string` | `null` | no |
+| <a name="input_ipv4_netmask_length"></a> [ipv4\_netmask\_length](#input\_ipv4\_netmask\_length) | The netmask length of the IPv4 CIDR you want to allocate to this VPC. | `number` | `16` | no |
 | <a name="input_ipv6_egress_only_internet_gateway_enabled"></a> [ipv6\_egress\_only\_internet\_gateway\_enabled](#input\_ipv6\_egress\_only\_internet\_gateway\_enabled) | A boolean flag to enable/disable IPv6 Egress-Only Internet Gateway creation | `bool` | `false` | no |
 | <a name="input_ipv6_enabled"></a> [ipv6\_enabled](#input\_ipv6\_enabled) | If `true`, enable IPv6 and assign a generated CIDR block to the VPC | `bool` | `true` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 2c4dcfb..3589774 100644
--- a/main.tf
+++ b/main.tf
@@ -15,6 +15,8 @@ resource "aws_vpc" "default" {
 
   #bridgecrew:skip=BC_AWS_LOGGING_9:VPC Flow Logs are meant to be enabled by terraform-aws-vpc-flow-logs-s3-bucket and/or terraform-aws-cloudwatch-flow-logs
   cidr_block                       = var.cidr_block
+  ipv4_ipam_pool_id                = var.ipv4_ipam_pool_id
+  ipv4_netmask_length              = local.ipv4_netmask_length
   instance_tenancy                 = var.instance_tenancy
   enable_dns_hostnames             = local.dns_hostnames_enabled
   enable_dns_support               = local.dns_support_enabled
diff --git a/variables.tf b/variables.tf
index 53a51ea..ed7435a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,7 +1,27 @@
 variable "cidr_block" {
   type        = string
-  description = "IPv4 CIDR to assign to the VPC"
+  description = <<-EOT
+    The IPv4 CIDR block for the VPC.
+    Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both.
+    EOT
+  default     = null
+}
+
+variable "ipv4_ipam_pool_id" {
+  type        = string
+  description = <<-EOT
+    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR.
+    Either `cidr_block` or `ipv4_ipam_pool_id` must be set, but not both.
+    EOT
+  default     = null
+}
+
+variable "ipv4_netmask_length" {
+  type        = number
+  description = "The netmask length of the IPv4 CIDR you want to allocate to this VPC."
+  default     = 16
 }
+locals { ipv4_netmask_length = var.ipv4_ipam_pool_id != null ? var.ipv4_netmask_length : null }
 
 variable "additional_cidr_blocks" {
   type        = list(string)