Palo Alto Networks Flexible Names Generator

A Terraform module for flexible names generation for resources created in AWS by VM-Series modules.

Usage

In order to invoke the module to generated flexible names for all resources created by Terraform for VM-Series, you need to defined map e.g. as below for combined design example:

module "generator" {
  source = "../../modules/names_generator"

  region               = var.region
  name_prefix          = var.name_prefix
  name_template        = var.name_templates.name_template
  template_assignments = var.template_assignments.assigned_template
  names = {
    vpc              = { for k, v in var.vpcs : k => v.name }
    internet_gateway = { for k, v in var.vpcs : k => v.name }
    vpn_gateway      = { for k, v in var.vpcs : k => v.name }
    subnet           = { for _, v in local.subnets : "${v.name}${v.az}" => "${v.name}${v.az}" }
    security_group   = { for _, v in local.security_groups : v.key => v.name }
    route_table = merge(
      { for k, v in var.vpcs : k => "igw_${v.name}" },
      { for _, v in local.subnets : "${v.name}${v.az}" => "${v.name}${v.az}" }
    )
    nat_gateway                           = { for _, v in local.nat_gateways : v.key => v.name }
    transit_gateway                       = { "tgw" : var.tgw.name }
    transit_gateway_route_table           = { for k, v in var.tgw.route_tables : k => v.name }
    transit_gateway_attachment            = { for k, v in var.tgw.attachments : k => v.name }
    gateway_loadbalancer                  = { for k, v in var.gwlbs : k => v.name }
    gateway_loadbalancer_target_group     = { for k, v in var.gwlbs : k => v.name }
    gateway_loadbalancer_endpoint         = { for k, v in var.gwlb_endpoints : k => v.name }
    application_loadbalancer              = { for k, v in var.spoke_albs : k => k }
    application_loadbalancer_target_group = { for _, v in local.alb_tg : v.key => v.value }
    network_loadbalancer                  = { for k, v in var.spoke_nlbs : k => k }
    network_loadbalancer_target_group     = { for _, v in local.nlb_tg : v.key => v.value }
    vm                                    = { for k, v in var.spoke_vms : k => k }
    vmseries                              = { for vmseries in local.vmseries_instances : "${vmseries.group}-${vmseries.instance}" => "${vmseries.group}-${vmseries.instance}" }
    vmseries_network_interface            = { for n in local.vmseries_network_interfaces : "${n.group}-${n.instance}-${n.nic}" => "${n.nic}-${n.instance}" }
    iam_role = {
      security : "vmseries"
      spoke : "spokevm"
    }
    iam_instance_profile = {
      security : "vmseries"
      spoke : "spokevm"
    }
  }
}

For each kind of resource output from module can be used e.g. as below for VPC:

module "vpc" {
  source = "../../modules/vpc"

  for_each = var.vpcs

  name = module.generator.names.vpc[each.key]
  ...
}

or GWLB and its endpoints:

module "gwlb" {
  source = "../../../modules/gwlb"

  for_each = var.gwlbs

  name    = module.generator.names.gateway_loadbalancer[each.key]
  ...
}

module "gwlbe_endpoint" {
  source = "../../../modules/gwlb_endpoint_set"

  for_each = var.gwlb_endpoints

  name              = module.generator.names.gateway_loadbalancer_endpoint[each.key]
  ...
}

Map of templates needs to be defined in terraform.tfvars:

name_templates = {
  name_at_the_end = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
      { name = "%s" },
  ] }
  name_after_abbr = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
  ] }
  name_with_az = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
      { suffix = "ec1" },
      { az = "__az_numeric__" }, # __az_literal__, __az_numeric__
  ] }
  name_max_32_characters = {
    delimiter = "-"
    parts = [
      { prefix = null },
      { abbreviation = "__default__" },
      { name = "%s" },
      { bu = "cloud" },
      { env = "tst" },
  ] }
}

Besides that for each kind template needs to be assigned (or default template needs to be used):

template_assignments = {
  default                               = "name_after_abbr"
  subnet                                = "name_with_az"
  route_table                           = "name_with_az"
  nat_gateway                           = "name_at_the_end"
  vm                                    = "name_at_the_end"
  vmseries                              = "name_at_the_end"
  vmseries_network_interface            = "name_at_the_end"
  application_loadbalancer              = "name_max_32_characters"
  application_loadbalancer_target_group = "name_max_32_characters"
  network_loadbalancer                  = "name_max_32_characters"
  network_loadbalancer_target_group     = "name_max_32_characters"
  gateway_loadbalancer                  = "name_max_32_characters"
  gateway_loadbalancer_target_group     = "name_max_32_characters"
}

Reference

Requirements

Name	Version
terraform	>= 1.0.0, < 2.0.0
aws	~> 5.17

Providers

No providers.

Modules

No modules.

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
abbreviations	Map of abbreviations used for resources (placed in place of "__default__").	`map(string)`	{ "application_loadbalancer": "alb", "application_loadbalancer_target_group": "atg", "gateway_loadbalancer": "gwlb", "gateway_loadbalancer_endpoint": "gwep", "gateway_loadbalancer_target_group": "gwtg", "iam_instance_profile": "profile", "iam_role": "role", "internet_gateway": "igw", "nat_gateway": "ngw", "network_loadbalancer": "nlb", "network_loadbalancer_target_group": "ntg", "route_table": "rt", "route_table_internet_gateway": "rt", "security_group": "sg", "subnet": "snet", "transit_gateway": "tgw", "transit_gateway_attachment": "att", "transit_gateway_route_table": "trt", "vm": "vm", "vmseries": "vm", "vmseries_network_interface": "nic", "vpc": "vpc", "vpn_gateway": "vgw" }	no
az_map_literal_to_numeric	Map of number used instead of letters for AZs (placed in place of "__az_numeric__").	`map(string)`	{ "a": 1, "b": 2, "c": 3, "d": 4, "e": 5, "f": 6, "g": 7, "h": 8, "i": 9 }	no
name_prefix	Prefix used in names for the resources	`string`	n/a	yes
name_templates	Map of templates used to generate names. Each template is defined by list of objects. Each object contains 1 element defined by key and string value. Important: 0. Delimiter specifies the delimiter used between all components of the new name. 1. Elements with key `prefix` (value is not important) will be replaced with value of the `name_prefix` variable (e.g. `{ prefix = null }`) 2. `%s` will be eventually replaced by resource name 3. `__default__` is a marker that we will be replaced with a default resource abbreviation, anything else will be used literally. 4. `__az_numeric__` is a marker that will be used to replace the availability zone letter indicator with a number (e.g. a->1, b->2, ...) 5. `__az_literal__` is a marker that will be used to replace the full availability zone name with a letter (e.g. `eu-central-1a` will become `a`) 6. Order matters Example: name_template = { name_at_the_end = { delimiter = "-" parts = [ { prefix = null }, { abbreviation = "__default__" }, { bu = "cloud" }, { env = "tst" }, { suffix = "ec1" }, { name = "%s" }, ] } name_after_abbr = { delimiter = "-" parts = [ { prefix = null }, { abbreviation = "__default__" }, { name = "%s" }, { bu = "cloud" }, { env = "tst" }, { suffix = "ec1" }, ] } name_with_az = { delimiter = "-" parts = [ { prefix = null }, { abbreviation = "__default__" }, { name = "%s" }, { bu = "cloud" }, { env = "tst" }, { suffix = "ec1" }, { az = "__az_numeric__" }, # __az_literal__, __az_numeric__ ] } name_max_32_characters = { delimiter = "-" parts = [ { prefix = null }, { abbreviation = "__default__" }, { name = "%s" }, { bu = "cloud" }, { env = "tst" }, ] } }	map(object({ delimiter = string parts = list(map(string)) }))	`{}`	no
names	Map of objects defining names used for resources. Example: names = { vpc = { for k, v in var.vpcs : k => v.name } gateway_loadbalancer = { for k, v in var.gwlbs : k => v.name } gateway_loadbalancer_endpoint = { for k, v in var.gwlb_endpoints : k => v.name } } Please take a look combined_design example, which contains full map for names.	`map(map(string))`	`{}`	no
region	AWS region used to deploy whole infrastructure	`string`	n/a	yes
template_assignments	Map of templates (used to generate names) assigned to each kind of resource. Example: template_assignments = { default = "name_after_abbr" subnet = "name_with_az" route_table = "name_with_az" nat_gateway = "name_at_the_end" vm = "name_at_the_end" vmseries = "name_at_the_end" vmseries_network_interface = "name_at_the_end" application_loadbalancer = "name_max_32_characters" application_loadbalancer_target_group = "name_max_32_characters" network_loadbalancer = "name_max_32_characters" network_loadbalancer_target_group = "name_max_32_characters" gateway_loadbalancer = "name_max_32_characters" gateway_loadbalancer_target_group = "name_max_32_characters" }	`map(string)`	`{}`	no

Outputs

Name	Description
names	Map of generated names for each kind of resources. Example: names = { vpc = { app1_vpc = "example-vpc-app1-cloud-tst-ec1" app2_vpc = "example-vpc-app2-cloud-tst-ec1" security_vpc = "example-vpc-security-cloud-tst-ec1" } gateway_loadbalancer = { security_gwlb = "example-gwlb-security-cloud-tst" } gateway_loadbalancer_endpoint = { app1_inbound = "example-gwep-app1-cloud-tst-ec1" app2_inbound = "example-gwep-app2-cloud-tst-ec1" security_gwlb_eastwest = "example-gwep-eastwest-cloud-tst-ec1" security_gwlb_outbound = "example-gwep-outbound-cloud-tst-ec1" } }

Name

Description

names

Map of generated names for each kind of resources.

Example:

names = {
vpc = {
app1_vpc = "example-vpc-app1-cloud-tst-ec1"
app2_vpc = "example-vpc-app2-cloud-tst-ec1"
security_vpc = "example-vpc-security-cloud-tst-ec1"
}
gateway_loadbalancer = {
security_gwlb = "example-gwlb-security-cloud-tst"
}
gateway_loadbalancer_endpoint = {
app1_inbound = "example-gwep-app1-cloud-tst-ec1"
app2_inbound = "example-gwep-app2-cloud-tst-ec1"
security_gwlb_eastwest = "example-gwep-eastwest-cloud-tst-ec1"
security_gwlb_outbound = "example-gwep-outbound-cloud-tst-ec1"
}
}

# README