From 7caea7e91d0a897e56c62e35e0521ec8417d44de Mon Sep 17 00:00:00 2001
From: Byungjin Park <posquit0.bj@gmail.com>
Date: Fri, 27 Oct 2023 02:25:55 +0900
Subject: [PATCH] Support ram sharing for subnet-group module

---
 examples/vpc-full/subnet-groups.tf | 21 ++++++++++++++------
 modules/subnet-group/README.md     |  3 +++
 modules/subnet-group/main.tf       |  8 ++++----
 modules/subnet-group/outputs.tf    | 12 ++++++++++++
 modules/subnet-group/ram-share.tf  | 31 ++++++++++++++++++++++++++++++
 modules/subnet-group/variables.tf  | 21 ++++++++++++++++++++
 6 files changed, 86 insertions(+), 10 deletions(-)
 create mode 100644 modules/subnet-group/ram-share.tf

diff --git a/examples/vpc-full/subnet-groups.tf b/examples/vpc-full/subnet-groups.tf
index 868f46a..d7d21d6 100644
--- a/examples/vpc-full/subnet-groups.tf
+++ b/examples/vpc-full/subnet-groups.tf
@@ -7,16 +7,16 @@ module "private_subnet_group" {
   # source  = "tedilabs/network/aws//modules/subnet-group"
   # version = "~> 0.2.0"
 
-  name = "test/private"
+  name = "test-private"
 
   vpc_id = module.vpc.id
 
   subnets = {
-    "test/private/az2" = {
+    "test-private/az2" = {
       availability_zone_id = "use1-az2"
       ipv4_cidr            = "10.0.200.0/24"
     }
-    "test/private/az4" = {
+    "test-private/az4" = {
       availability_zone_id = "use1-az4"
       ipv4_cidr            = "10.0.201.0/24"
     }
@@ -85,6 +85,15 @@ module "private_subnet_group" {
     description = "Test Redshift Subnet Group"
   }
 
+
+  ## Sharing
+  shares = [
+    # {
+    #   name = "team1"
+    #   principals = ["123456789012"]
+    # },
+  ]
+
   tags = {
     "project" = "terraform-aws-network-examples"
   }
@@ -95,16 +104,16 @@ module "public_subnet_group" {
   # source  = "tedilabs/network/aws//modules/subnet-group"
   # version = "~> 0.2.0"
 
-  name = "test/public"
+  name = "test-public"
 
   vpc_id = module.vpc.id
 
   subnets = {
-    "test/public/az2" = {
+    "test-public/az2" = {
       availability_zone_id = "use1-az2"
       ipv4_cidr            = "10.0.100.0/24"
     }
-    "test/public/az4" = {
+    "test-public/az4" = {
       availability_zone_id = "use1-az4"
       ipv4_cidr            = "10.0.101.0/24"
     }
diff --git a/modules/subnet-group/README.md b/modules/subnet-group/README.md
index 662fd10..ecbc2a6 100644
--- a/modules/subnet-group/README.md
+++ b/modules/subnet-group/README.md
@@ -31,6 +31,7 @@ This module creates following resources.
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
+| <a name="module_share"></a> [share](#module\_share) | tedilabs/account/aws//modules/ram-share | ~> 0.27.0 |
 
 ## Resources
 
@@ -71,6 +72,7 @@ This module creates following resources.
 | <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
 | <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
+| <a name="input_shares"></a> [shares](#input\_shares) | (Optional) A list of resource shares via RAM (Resource Access Manager). | <pre>list(object({<br>    name = optional(string)<br><br>    permissions = optional(set(string), ["AWSRAMDefaultPermissionSubnet"])<br><br>    external_principals_allowed = optional(bool, false)<br>    principals                  = optional(set(string), [])<br><br>    tags = optional(map(string), {})<br>  }))</pre> | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | (Optional) How long to wait for the subnet group to be created/deleted. | <pre>object({<br>    create = optional(string, "10m")<br>    delete = optional(string, "20m")<br>  })</pre> | `{}` | no |
 
@@ -99,6 +101,7 @@ This module creates following resources.
 | <a name="output_public_ipv4_address_assignment"></a> [public\_ipv4\_address\_assignment](#output\_public\_ipv4\_address\_assignment) | The configuration of public IPv4 address assignment.<br>    `enabled` - Whether to automatically assign public IPv4 address to instances launched in the subnet group. |
 | <a name="output_rds_subnet_group"></a> [rds\_subnet\_group](#output\_rds\_subnet\_group) | The configuration of RDS Subnet Group.<br>    `id` - The ID of the RDS Subnet Group.<br>    `arn` - The ARN of the RDS Subnet Group.<br>    `name` - The name of the RDS Subnet Group.<br>    `description` - The description of the RDS Subnet Group. |
 | <a name="output_redshift_subnet_group"></a> [redshift\_subnet\_group](#output\_redshift\_subnet\_group) | The configuration of Redshift Subnet Group.<br>    `id` - The ID of the Redshift Subnet Group.<br>    `arn` - The ARN of the Redshift Subnet Group.<br>    `name` - The name of the Redshift Subnet Group.<br>    `description` - The description of the Redshift Subnet Group. |
+| <a name="output_sharing"></a> [sharing](#output\_sharing) | The configuration for sharing of subnets in the subnet group.<br>    `status` - An indication of whether subnets are shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Values are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`.<br>    `shares` - The list of resource shares via RAM (Resource Access Manager). |
 | <a name="output_subnets"></a> [subnets](#output\_subnets) | A list of subnets of the subnet group. |
 | <a name="output_subnets_by_az"></a> [subnets\_by\_az](#output\_subnets\_by\_az) | A map of subnets of the subnet group which are grouped by availability zone id. |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC which the subnet group belongs to. |
diff --git a/modules/subnet-group/main.tf b/modules/subnet-group/main.tf
index 4506fce..dc6c85c 100644
--- a/modules/subnet-group/main.tf
+++ b/modules/subnet-group/main.tf
@@ -41,16 +41,16 @@ locals {
     values(aws_subnet.this)[*].availability_zone_id
   )
   subnets = [
-    for subnet in aws_subnet.this : {
+    for name, subnet in aws_subnet.this : {
       id   = subnet.id
       arn  = subnet.arn
-      name = subnet.tags["Name"]
+      name = name
 
       availability_zone    = subnet.availability_zone
       availability_zone_id = subnet.availability_zone_id
 
-      cidr_block      = subnet.cidr_block
-      ipv6_cidr_block = subnet.ipv6_cidr_block
+      ipv4_cidr = subnet.cidr_block
+      ipv6_cidr = subnet.ipv6_cidr_block
     }
   ]
 }
diff --git a/modules/subnet-group/outputs.tf b/modules/subnet-group/outputs.tf
index a9d00d0..be882b7 100644
--- a/modules/subnet-group/outputs.tf
+++ b/modules/subnet-group/outputs.tf
@@ -262,3 +262,15 @@ output "redshift_subnet_group" {
     : null
   )
 }
+
+output "sharing" {
+  description = <<EOF
+  The configuration for sharing of subnets in the subnet group.
+    `status` - An indication of whether subnets are shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Values are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`.
+    `shares` - The list of resource shares via RAM (Resource Access Manager).
+  EOF
+  value = {
+    status = length(module.share) > 0 ? "SHARED_BY_ME" : "NOT_SHARED"
+    shares = module.share
+  }
+}
diff --git a/modules/subnet-group/ram-share.tf b/modules/subnet-group/ram-share.tf
new file mode 100644
index 0000000..9f5d4a5
--- /dev/null
+++ b/modules/subnet-group/ram-share.tf
@@ -0,0 +1,31 @@
+###################################################
+# Resource Sharing by RAM (Resource Access Manager)
+###################################################
+
+module "share" {
+  source  = "tedilabs/account/aws//modules/ram-share"
+  version = "~> 0.27.0"
+
+  for_each = {
+    for share in var.shares :
+    share.name => share
+  }
+
+  name = "vpc.subnet-group.${var.name}.${each.key}"
+
+  resources = values(aws_subnet.this)[*].arn
+
+  permissions = each.value.permissions
+
+  external_principals_allowed = each.value.external_principals_allowed
+  principals                  = each.value.principals
+
+  resource_group_enabled = false
+  module_tags_enabled    = false
+
+  tags = merge(
+    local.module_tags,
+    var.tags,
+    each.value.tags,
+  )
+}
diff --git a/modules/subnet-group/variables.tf b/modules/subnet-group/variables.tf
index 0e80ef5..cf93ce0 100644
--- a/modules/subnet-group/variables.tf
+++ b/modules/subnet-group/variables.tf
@@ -306,3 +306,24 @@ variable "resource_group_description" {
   default     = "Managed by Terraform."
   nullable    = false
 }
+
+
+###################################################
+# Resource Sharing by RAM (Resource Access Manager)
+###################################################
+
+variable "shares" {
+  description = "(Optional) A list of resource shares via RAM (Resource Access Manager)."
+  type = list(object({
+    name = optional(string)
+
+    permissions = optional(set(string), ["AWSRAMDefaultPermissionSubnet"])
+
+    external_principals_allowed = optional(bool, false)
+    principals                  = optional(set(string), [])
+
+    tags = optional(map(string), {})
+  }))
+  default  = []
+  nullable = false
+}