From 1113295c74e69adf0d41bd01d3f035f0cb60c342 Mon Sep 17 00:00:00 2001
From: tsharma
Date: Thu, 7 Sep 2023 11:53:59 +0530
Subject: [PATCH] Support for targeting subnets for Load Balancers (Private placement of load balancers). With CRB-2275, we are introducing a feature that lets customers choose private subnets for LB. Some customers (for example- Banks), have stricter rules where they need to keep the workloads completely isoalted (non-routable) from even their network but provide access to API/UI endpoints for people on the network by placing the LBs in routable frontend private subnet. See https://docs.google.com/document/d/1qfdmFKHAN9NrE60ElPZNORvqhD7HwWAyt238wQvvvgo/edit#heading=h.1bz8nyaoflni for more details on how-to-use this feature.
---
 modules/terraform-cdp-deploy/main.tf | 2 ++
 modules/terraform-cdp-deploy/modules/aws/main.tf | 2 +-
 modules/terraform-cdp-deploy/modules/aws/variables.tf | 10 +++++++++-
 modules/terraform-cdp-deploy/modules/azure/main.tf | 2 +-
 modules/terraform-cdp-deploy/variables.tf | 7 +++++++
 5 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/modules/terraform-cdp-deploy/main.tf b/modules/terraform-cdp-deploy/main.tf
index 4ee57f6..92d3a35 100644
--- a/modules/terraform-cdp-deploy/main.tf
+++ b/modules/terraform-cdp-deploy/main.tf
@@ -59,6 +59,8 @@ module "cdp_on_aws" {
 idbroker_instance_profile_arn = var.aws_idbroker_instance_profile_arn
 log_instance_profile_arn = var.aws_log_instance_profile_arn
+ cdp_lb_subnet_ids = var.cdp_lb_subnet_ids
+
 }
 # ------- Call sub-module for Azure Deployment -------
diff --git a/modules/terraform-cdp-deploy/modules/aws/main.tf b/modules/terraform-cdp-deploy/modules/aws/main.tf
index f31ba8a..14c820d 100644
--- a/modules/terraform-cdp-deploy/modules/aws/main.tf
+++ b/modules/terraform-cdp-deploy/modules/aws/main.tf
@@ -43,7 +43,7 @@ resource "cdp_environments_aws_environment" "cdp_env" {
 vpc_id = var.vpc_id
 subnet_ids = var.subnets_for_cdp
 endpoint_access_gateway_scheme = var.endpoint_access_scheme
- endpoint_access_gateway_subnet_ids = (length(var.public_subnet_ids) > 0) ? var.public_subnet_ids : null
+ endpoint_access_gateway_subnet_ids = length(var.cdp_lb_subnet_ids) > 0 && var.endpoint_access_scheme == "PRIVATE" ? var.cdp_lb_subnet_ids : length(var.public_subnet_ids) >0 && var.endpoint_access_scheme == "PUBLIC" ? var.public_subnet_ids : null
 freeipa = {
 instance_count_by_group = var.freeipa_instances
diff --git a/modules/terraform-cdp-deploy/modules/aws/variables.tf b/modules/terraform-cdp-deploy/modules/aws/variables.tf
index 2af4a0e..b772c29 100644
--- a/modules/terraform-cdp-deploy/modules/aws/variables.tf
+++ b/modules/terraform-cdp-deploy/modules/aws/variables.tf
@@ -146,6 +146,7 @@ variable "vpc_id" {
 variable "public_subnet_ids" {
 type = list(string)
 description = "List of public subnet ids."
+ default = null
 }
 # variable "private_subnet_ids" {
@@ -256,4 +257,11 @@ variable "idbroker_instance_profile_arn" {
 error_message = "Valid values for var: idbroker_instance_profile_arn must be a valid ARN for IDBroker Instance Profile."
 }
-}
\ No newline at end of file
+}
+
+variable "cdp_lb_subnet_ids" {
+ type = list(any)
+ description = "List of subnet ids for Load Balancer. Required if we want to target subnets for LB"
+
+ default = null
+}
diff --git a/modules/terraform-cdp-deploy/modules/azure/main.tf b/modules/terraform-cdp-deploy/modules/azure/main.tf
index d908fe1..60195ca 100644
--- a/modules/terraform-cdp-deploy/modules/azure/main.tf
+++ b/modules/terraform-cdp-deploy/modules/azure/main.tf
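Review bot: The new `endpoint_access_gateway_subnet_ids` expression calls `length()` on `var.cdp_lb_subnet_ids` and on `var.public_subnet_ids`, and both variables are given `default = null` in the aws/variables.tf hunks (and the root variables.tf hunk), so a deployment that omits either one should fail at plan time with an invalid-argument error from `length()` instead of falling through to `null`; since the root main.tf hunk forwards `var.cdp_lb_subnet_ids` unchanged, that is the out-of-the-box configuration. Wrap the calls as `try(length(var.cdp_lb_subnet_ids), 0) > 0` (or default the variables to `[]` rather than `null`), and document the behavioural change this hunk makes: a `PRIVATE` scheme previously received `public_subnet_ids` and now receives `null` when no LB subnets are given, which hands gateway subnet placement back to the provider — for the isolation use case the commit describes, an operator who mistypes the variable name would be better served by a plan failure than by silent fallback, hence the optional precondition below (the resource body continues past the hunk, so the `lifecycle` block belongs at its end, Terraform ≥ 1.2). The nested ternary is also hard to read without parentheses and `>0` is missing its space; `terraform fmt` would reflow it.
```terraform
  # … unchanged: vpc_id, subnet_ids, endpoint_access_gateway_scheme …
  endpoint_access_gateway_subnet_ids = (
    var.endpoint_access_scheme == "PRIVATE" && try(length(var.cdp_lb_subnet_ids), 0) > 0
    ? var.cdp_lb_subnet_ids
    : (var.endpoint_access_scheme == "PUBLIC" && try(length(var.public_subnet_ids), 0) > 0
      ? var.public_subnet_ids
      : null)
  )
  # … unchanged: freeipa block and the rest of the resource body (outside this hunk) …

  lifecycle {
    precondition {
      # Fail the plan instead of silently handing LB subnet placement back to the provider.
      condition     = var.endpoint_access_scheme != "PRIVATE" || try(length(var.cdp_lb_subnet_ids), 0) > 0
      error_message = "cdp_lb_subnet_ids must be set when endpoint_access_scheme is PRIVATE."
    }
  }
```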
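Review bot: In the second aws/variables.tf hunk `cdp_lb_subnet_ids` is declared as `list(any)` while the neighbouring `public_subnet_ids` is `list(string)`; subnet ids are strings, and `list(any)` only postpones a type mismatch to the provider call, so `type = list(string)` keeps the two declarations consistent. The description also reads awkwardly and does not say when the value takes effect, although the condition is visible in the aws/main.tf hunk; `description = "List of subnet ids in which the CDP load balancer is placed. Only used when endpoint_access_scheme is PRIVATE; leave unset to pass no subnet list to the environment resource."` would, and the stray blank line between `description` and `default` can go. The copy of this variable in the root variables.tf hunk has the same type and wording.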
@@ -51,7 +51,7 @@ resource "cdp_environments_azure_environment" "cdp_env" {
 }
 endpoint_access_gateway_scheme = var.endpoint_access_scheme
- endpoint_access_gateway_subnet_ids = (length(var.cdp_gateway_subnet_names) > 0) ? var.cdp_gateway_subnet_names : null
+ endpoint_access_gateway_subnet_ids = length(var.cdp_gateway_subnet_names) > 0 ? var.cdp_gateway_subnet_names : null
 # Set this parameter to deploy all resources into a single resource group
 resource_group_name = var.use_single_resource_group ? var.resource_group_name : null
diff --git a/modules/terraform-cdp-deploy/variables.tf b/modules/terraform-cdp-deploy/variables.tf
index 1516e8f..858fa27 100644
--- a/modules/terraform-cdp-deploy/variables.tf
+++ b/modules/terraform-cdp-deploy/variables.tf
@@ -444,3 +444,10 @@ variable "azure_raz_identity_id" {
 default = null
 }
+
+variable "cdp_lb_subnet_ids" {
+ type = list(any)
+ description = "List of subnet ids for Load Balancer. Required if we want to target subnets for LB"
+
+ default = null
+}
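Review bot: The root-level `cdp_lb_subnet_ids` added in the variables.tf hunk is forwarded only to the `cdp_on_aws` module call (the main.tf hunk); the Azure sub-module never receives it, yet the description is cloud-neutral, so an Azure user who sets it expecting private LB placement gets neither the effect nor an error. State the limitation in the description, e.g. `description = "AWS only: list of subnet ids in which the CDP load balancer is placed. Ignored unless endpoint_access_scheme is PRIVATE."`, and align the type with the AWS module variable (`list(string)` rather than `list(any)`). If Azure support is intended later, a precondition rejecting a non-empty value on Azure deployments would make the gap explicit until then.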