
Palo Alto Networks Flexible Names Generator

A Terraform module for flexible names generation for resources created in AWS by VM-Series modules.


Usage

To invoke the module and generate flexible names for all resources created by Terraform for VM-Series, you need to define a map, e.g. as below for the combined design example:

# Example invocation of the names_generator module (combined design example).
# Per the Reference section of this page the module declares no resources; it
# only returns a map of generated names, read elsewhere as
# module.generator.names.<kind>[<key>].
#
# NOTE(review): the Inputs table on this page lists the variable as
# `name_templates`, while this call passes `name_template`. The tfvars examples
# on this page also show name_templates / template_assignments as flat maps,
# without the `.name_template` / `.assigned_template` keys read below. Confirm
# the argument name and the variable shape against the module before copying.
module "generator" {
  source = "../../modules/names_generator"

  region               = var.region
  name_prefix          = var.name_prefix
  name_template        = var.name_templates.name_template
  template_assignments = var.template_assignments.assigned_template

  # One entry per resource kind; every inner map is <lookup key> => <base name>.
  names = {
    # The VPC, its internet gateway and its VPN gateway reuse the VPC base name.
    vpc              = { for vpc_key, vpc in var.vpcs : vpc_key => vpc.name }
    internet_gateway = { for vpc_key, vpc in var.vpcs : vpc_key => vpc.name }
    vpn_gateway      = { for vpc_key, vpc in var.vpcs : vpc_key => vpc.name }

    # Subnets are keyed and named by the concatenation of name and AZ.
    subnet         = { for _, v in local.subnets : "${v.name}${v.az}" => "${v.name}${v.az}" }
    security_group = { for _, sg in local.security_groups : sg.key => sg.name }

    # merge() lets the later argument win on a duplicate key, so a var.vpcs key
    # that equals a subnet "<name><az>" key would be replaced without any
    # error. Keep the two key spaces distinct.
    route_table = merge(
      { for k, v in var.vpcs : k => "igw_${v.name}" },
      { for _, v in local.subnets : "${v.name}${v.az}" => "${v.name}${v.az}" }
    )

    nat_gateway                 = { for _, ngw in local.nat_gateways : ngw.key => ngw.name }
    transit_gateway             = { tgw = var.tgw.name }
    transit_gateway_route_table = { for rt_key, rt in var.tgw.route_tables : rt_key => rt.name }
    transit_gateway_attachment  = { for att_key, att in var.tgw.attachments : att_key => att.name }

    gateway_loadbalancer              = { for gwlb_key, gwlb in var.gwlbs : gwlb_key => gwlb.name }
    gateway_loadbalancer_target_group = { for gwlb_key, gwlb in var.gwlbs : gwlb_key => gwlb.name }
    gateway_loadbalancer_endpoint     = { for ep_key, ep in var.gwlb_endpoints : ep_key => ep.name }

    # For the spoke load balancers and VMs the map key itself is the base name.
    application_loadbalancer              = { for alb_key, alb in var.spoke_albs : alb_key => alb_key }
    application_loadbalancer_target_group = { for _, tg in local.alb_tg : tg.key => tg.value }
    network_loadbalancer                  = { for nlb_key, nlb in var.spoke_nlbs : nlb_key => nlb_key }
    network_loadbalancer_target_group     = { for _, tg in local.nlb_tg : tg.key => tg.value }
    vm                                    = { for vm_key, vm in var.spoke_vms : vm_key => vm_key }

    vmseries                   = { for vmseries in local.vmseries_instances : "${vmseries.group}-${vmseries.instance}" => "${vmseries.group}-${vmseries.instance}" }
    vmseries_network_interface = { for n in local.vmseries_network_interfaces : "${n.group}-${n.instance}-${n.nic}" => "${n.nic}-${n.instance}" }

    # NOTE(review): these base names presumably end up in IAM role and instance
    # profile names. IAM policies, trust relationships and log-based detections
    # often match on role names, and an IAM name cannot be changed in place, so
    # treat a template change on a live deployment as a change to those
    # references and review the plan for replacements.
    iam_role = {
      security = "vmseries"
      spoke    = "spokevm"
    }
    iam_instance_profile = {
      security = "vmseries"
      spoke    = "spokevm"
    }
  }
}

For each kind of resource, the output of the module can be used, e.g. as below for a VPC:

# Consume the generated VPC names. The instances are keyed by var.vpcs, the same
# collection the generator example uses to build names.vpc, so each.key selects
# the matching generated name.
module "vpc" {
  source   = "../../modules/vpc"
  for_each = var.vpcs

  name = module.generator.names.vpc[each.key]
  # The remaining arguments of the vpc module are elided in this example.
  ...
}

or GWLB and its endpoints:

# Consume the generated Gateway Load Balancer names, looked up by the key of
# each entry in var.gwlbs.
# NOTE(review): this snippet uses "../../../modules/..." while the generator and
# vpc snippets on this page use "../../modules/..."; adjust the relative path to
# the depth of the example you are working in.
module "gwlb" {
  source   = "../../../modules/gwlb"
  for_each = var.gwlbs

  name = module.generator.names.gateway_loadbalancer[each.key]
  # The remaining arguments of the gwlb module are elided in this example.
  ...
}

# Consume the generated GWLB endpoint names, looked up by the key of each entry
# in var.gwlb_endpoints.
module "gwlbe_endpoint" {
  source   = "../../../modules/gwlb_endpoint_set"
  for_each = var.gwlb_endpoints

  name = module.generator.names.gateway_loadbalancer_endpoint[each.key]
  # The remaining arguments of the gwlb_endpoint_set module are elided here.
  ...
}

The map of templates needs to be defined in terraform.tfvars:

# Name templates. Each template is a delimiter plus an ordered list of
# single-key parts; the parts are joined in the order given.
#   { prefix = ... }      -> replaced by the name_prefix variable (value ignored)
#   "__default__"         -> replaced by the default abbreviation of the kind
#   "%s"                  -> replaced by the resource name
#   "__az_numeric__"      -> AZ letter mapped to a number (a->1, b->2, ...)
#   "__az_literal__"      -> AZ reduced to its letter
#   anything else         -> used literally
name_templates = {
  # <prefix>-<abbr>-cloud-tst-ec1-<name>
  name_at_the_end = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
      { name = "%s" },
    ]
  }

  # <prefix>-<abbr>-<name>-cloud-tst-ec1
  name_after_abbr = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
    ]
  }

  # Same as name_after_abbr with the availability zone appended.
  name_with_az = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
      { az = "__az_numeric__" }, # accepted markers: __az_literal__, __az_numeric__
    ]
  }

  # Shorter form without the suffix part, assigned on this page to the load
  # balancers and their target groups.
  # NOTE(review): nothing on this page shows the module truncating or
  # validating the result, so a long name_prefix or resource name can still
  # exceed 32 characters; confirm and keep both short.
  name_max_32_characters = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
    ]
  }
}

In addition, a template needs to be assigned to each kind of resource (otherwise the default template is used):

# Which template each resource kind uses. Keys are resource kinds, values are
# template names from name_templates; kinds that are not listed use `default`.
template_assignments = {
  default = "name_after_abbr"

  # Per-AZ resources carry the availability zone in their name.
  subnet      = "name_with_az"
  route_table = "name_with_az"

  nat_gateway                = "name_at_the_end"
  vm                         = "name_at_the_end"
  vmseries                   = "name_at_the_end"
  vmseries_network_interface = "name_at_the_end"

  # Load balancers and target groups use the shorter template.
  application_loadbalancer              = "name_max_32_characters"
  application_loadbalancer_target_group = "name_max_32_characters"
  network_loadbalancer                  = "name_max_32_characters"
  network_loadbalancer_target_group     = "name_max_32_characters"
  gateway_loadbalancer                  = "name_max_32_characters"
  gateway_loadbalancer_target_group     = "name_max_32_characters"
}

Reference

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0, < 2.0.0 |
| aws | ~> 5.17 |

Providers

No providers.

Modules

No modules.

Resources

No resources.

Inputs

Name | Description | Type | Default | Required
abbreviations | Map of abbreviations used for resources (substituted for "__default__"). | map(string) | {
"application_loadbalancer": "alb",
"application_loadbalancer_target_group": "atg",
"gateway_loadbalancer": "gwlb",
"gateway_loadbalancer_endpoint": "gwep",
"gateway_loadbalancer_target_group": "gwtg",
"iam_instance_profile": "profile",
"iam_role": "role",
"internet_gateway": "igw",
"nat_gateway": "ngw",
"network_loadbalancer": "nlb",
"network_loadbalancer_target_group": "ntg",
"route_table": "rt",
"route_table_internet_gateway": "rt",
"security_group": "sg",
"subnet": "snet",
"transit_gateway": "tgw",
"transit_gateway_attachment": "att",
"transit_gateway_route_table": "trt",
"vm": "vm",
"vmseries": "vm",
"vmseries_network_interface": "nic",
"vpc": "vpc",
"vpn_gateway": "vgw"
}
no
az_map_literal_to_numeric | Map of numbers used instead of letters for AZs (substituted for "__az_numeric__"). | map(string) | {
"a": 1,
"b": 2,
"c": 3,
"d": 4,
"e": 5,
"f": 6,
"g": 7,
"h": 8,
"i": 9
}
no
name_prefix | Prefix used in names for the resources | string | n/a | yes
name_templates | Map of templates used to generate names. Each template is defined by a list of objects. Each object contains one element defined by a key and a string value.

Important:
0. Delimiter specifies the delimiter used between all components of the new name.
1. Elements with key prefix (value is not important) will be replaced with value of the name_prefix variable (e.g. { prefix = null })
2. %s will eventually be replaced by the resource name
3. __default__ is a marker that will be replaced with the default resource abbreviation; anything else will be used literally.
4. __az_numeric__ is a marker that will be used to replace the availability zone letter indicator with a number (e.g. a->1, b->2, ...)
5. __az_literal__ is a marker that will be used to replace the full availability zone name with a letter (e.g. eu-central-1a will become a)
6. Order matters

Example:

# Example value for the templates input. Parts are joined in the order given,
# separated by the delimiter.
# NOTE(review): this example assigns `name_template`, while the input row it
# belongs to is named `name_templates`; confirm which spelling the module
# declares.
name_template = {
  # <prefix>-<abbr>-cloud-tst-ec1-<name>
  name_at_the_end = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
      { name = "%s" },
    ]
  }

  # <prefix>-<abbr>-<name>-cloud-tst-ec1
  name_after_abbr = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
    ]
  }

  # Same as name_after_abbr with the availability zone appended.
  name_with_az = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
      { az = "__az_numeric__" }, # accepted markers: __az_literal__, __az_numeric__
    ]
  }

  # Shorter form without the suffix part.
  # NOTE(review): nothing on this page shows the module enforcing a length
  # limit; a long prefix or resource name can still exceed 32 characters.
  name_max_32_characters = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
    ]
  }
}
map(object({
delimiter = string
parts = list(map(string))
}))
{} | no
names | Map of objects defining names used for resources.

Example:

# Shortened example of the names input: one inner map per resource kind, each
# mapping a lookup key to the base name that replaces "%s" in the template.
names = {
  vpc                           = { for vpc_key, vpc in var.vpcs : vpc_key => vpc.name }
  gateway_loadbalancer          = { for gwlb_key, gwlb in var.gwlbs : gwlb_key => gwlb.name }
  gateway_loadbalancer_endpoint = { for ep_key, ep in var.gwlb_endpoints : ep_key => ep.name }
}

Please take a look at the combined_design example, which contains the full map of names.
map(map(string)) | {} | no
region | AWS region used to deploy the whole infrastructure | string | n/a | yes
template_assignments | Map of templates (used to generate names) assigned to each kind of resource.

Example:

# Example value: resource kind => template name. The `default` entry names the
# template used for kinds that are not listed.
template_assignments = {
  default = "name_after_abbr"

  # Per-AZ resources carry the availability zone in their name.
  subnet      = "name_with_az"
  route_table = "name_with_az"

  nat_gateway                = "name_at_the_end"
  vm                         = "name_at_the_end"
  vmseries                   = "name_at_the_end"
  vmseries_network_interface = "name_at_the_end"

  # Load balancers and target groups use the shorter template.
  application_loadbalancer              = "name_max_32_characters"
  application_loadbalancer_target_group = "name_max_32_characters"
  network_loadbalancer                  = "name_max_32_characters"
  network_loadbalancer_target_group     = "name_max_32_characters"
  gateway_loadbalancer                  = "name_max_32_characters"
  gateway_loadbalancer_target_group     = "name_max_32_characters"
}
map(string) | {} | no

Outputs

Name | Description
names | Map of generated names for each kind of resource.

Example:

# Sample of the generated output, keyed first by resource kind and then by the
# lookup key supplied in the names input.
names = {
  vpc = {
    app1_vpc     = "example-vpc-app1-cloud-tst-ec1"
    app2_vpc     = "example-vpc-app2-cloud-tst-ec1"
    security_vpc = "example-vpc-security-cloud-tst-ec1"
  }

  # No "ec1" suffix here: on this page gateway_loadbalancer is assigned the
  # name_max_32_characters template, which has no suffix part.
  gateway_loadbalancer = {
    security_gwlb = "example-gwlb-security-cloud-tst"
  }

  gateway_loadbalancer_endpoint = {
    app1_inbound           = "example-gwep-app1-cloud-tst-ec1"
    app2_inbound           = "example-gwep-app2-cloud-tst-ec1"
    security_gwlb_eastwest = "example-gwep-eastwest-cloud-tst-ec1"
    security_gwlb_outbound = "example-gwep-outbound-cloud-tst-ec1"
  }
}