
Commit 77eb309

committed
feat(example/er): add example for shared er instance
1 parent 71108f3 commit 77eb309


3 files changed

+231
-0
lines changed


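--- a/examples/er/share_instance/README.md
+++ b/examples/er/share_instance/README.md
@@ -0,0 +1,26 @@
+# Create an ER instance to share with other accounts
+
+Configuration in this directory creates an ER instance and RAM share resource. The example includes an ER instance,
+a RAM share resource, a RAM share accepter resource, a VPC configuration, an ER attachment and
+an ER attachment accepter resource.
+Configuration in this directory describes how to share an ER instance with other accounts, and the sharer accepts or
+rejects attachment requests from other accounts.
+
+To run, configure your Huaweicloud provider as described in the
+[document](https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs).
+
+## Usage
+
+```
+terraform init
+terraform plan
+terraform apply
+terraform destroy
+```
+
+## Requirements
+
+| Name | Version |
+| ---- | ---- |
+| terraform | >= 0.12.0 |
+| huaweicloud | >= 1.73.4 |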

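--- a/examples/er/share_instance/main.tf
+++ b/examples/er/share_instance/main.tf
@@ -0,0 +1,118 @@
+# Share (owner).
+provider "huaweicloud" {
+alias = "owner"
+
+region = var.region_name
+access_key = var.owner_ak
+secret_key = var.owner_sk
+}
+
+# Other account (principal).
+provider "huaweicloud" {
+alias = "principal"
+
+region = var.region_name
+access_key = var.principal_ak
+secret_key = var.principal_sk
+}
+
+data "huaweicloud_er_availability_zones" "test" {
+provider = huaweicloud.owner
+}
+
+# Owner creates an ER instance to share.
+resource "huaweicloud_er_instance" "test" {
+provider = huaweicloud.owner
+
+availability_zones = slice(data.huaweicloud_er_availability_zones.test.names, 0, 1)
+
+name = var.er_instance_name
+asn = "64512"
+description = "Create an ER instace to share"
+
+enable_default_propagation = true
+enable_default_association = true
+auto_accept_shared_attachments = false
+}
+
+data "huaweicloud_ram_resource_permissions" "test" {
+provider = huaweicloud.owner
+
+resource_type = "er:instances"
+
+depends_on = [huaweicloud_er_instance.test]
+}
+
+# Owner creates a RAM shared resource to initiate a shared ER request.
+resource "huaweicloud_ram_resource_share" "test" {
+provider = huaweicloud.owner
+
+name = var.resource_share_name
+principals = [var.principal_account_id]
+resource_urns = ["er:${var.region_name}:${var.owner_account_id}:instances:${huaweicloud_er_instance.test.id}"]
+
+permission_ids = data.huaweicloud_ram_resource_permissions.test.permissions[*].id
+}
+
+# Principal queries the shared ER requests that need to be accepted.
+data "huaweicloud_ram_resource_share_invitations" "test" {
+provider = huaweicloud.principal
+
+status = "pending"
+
+depends_on = [huaweicloud_ram_resource_share.test]
+}
+
+# Principal (ER instance acceptor) to accept request from owner shared ER.
+resource "huaweicloud_ram_resource_share_accepter" "test" {
+provider = huaweicloud.principal
+
+resource_share_invitation_id = try([for v in data.huaweicloud_ram_resource_share_invitations.test.resource_share_invitations : v.id if v.resource_share_id == huaweicloud_ram_resource_share.test.id][0], "")
+action = "accept"
+
+# After accepting the request, querying data.huaweicloud_ram_resource_share_invitations again will be empty.
+# This resource is a one-time resource. Add ignore_changes to prevent resource changes when executing terraform plan.
+lifecycle {
+ignore_changes = [
+resource_share_invitation_id,
+]
+}
+}
+
+resource "huaweicloud_vpc" "test" {
+provider = huaweicloud.principal
+
+name = var.vpc_name
+cidr = "192.168.0.0/16"
+}
+
+resource "huaweicloud_vpc_subnet" "test" {
+provider = huaweicloud.principal
+
+vpc_id = huaweicloud_vpc.test.id
+name = var.subnet_name
+cidr = "192.168.0.0/24"
+gateway_ip = "192.168.0.1"
+}
+
+# Principal creates a VPC attachment.
+resource "huaweicloud_er_vpc_attachment" "test" {
+provider = huaweicloud.principal
+
+instance_id = huaweicloud_er_instance.test.id
+vpc_id = huaweicloud_vpc.test.id
+subnet_id = huaweicloud_vpc_subnet.test.id
+name = var.attachment_name
+
+depends_on = [huaweicloud_ram_resource_share_accepter.test]
+}
+
+# The owner accepts attachment from principals.
+resource "huaweicloud_er_attachment_accepter" "test" {
+provider = huaweicloud.owner
+
+instance_id = huaweicloud_er_instance.test.id
+attachment_id = huaweicloud_er_vpc_attachment.test.id
+action = "accept"
+}
+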
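Review bot: `permission_ids = data.huaweicloud_ram_resource_permissions.test.permissions[*].id` in `huaweicloud_ram_resource_share.test` attaches every permission the data source returns for `er:instances` to the cross-account share, rather than the single permission the principal needs to create an attachment. Since this is an example people will copy, select the intended permission explicitly (filter the data source or pick the entry by name) and say so in a comment such as `# Grant only the permission required to attach; do not pass the whole list in production.` Separately, the `try(..., "")` on `resource_share_invitation_id` hands the accepter an empty ID when no pending invitation matches on the first apply. That fallback appears to exist so that re-plans after acceptance still evaluate, which deserves a comment next to the expression.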
+87
@@ -0,0 +1,87 @@
1+
variable "region_name" {
2+
default = "cn-north-4"
3+
}
4+
5+
variable "owner_account_id" {
6+
type = string
7+
description = "The account ID of the ER instance sharer"
8+
9+
default = ""
10+
sensitive = true
11+
}
12+
13+
variable "owner_ak" {
14+
type = string
15+
description = "The AK of the ER instance sharer"
16+
17+
default = ""
18+
sensitive = true
19+
}
20+
21+
variable "owner_sk" {
22+
type = string
23+
description = "The SK of the ER instance sharer"
24+
25+
default = ""
26+
sensitive = true
27+
}
28+
29+
variable "principal_account_id" {
30+
type = string
31+
description = "The account ID of the ER instance accepter"
32+
33+
default = ""
34+
sensitive = true
35+
}
36+
37+
38+
variable "principal_ak" {
39+
type = string
40+
description = "The AK of the ER instance accepter"
41+
42+
default = ""
43+
sensitive = true
44+
}
45+
46+
variable "principal_sk" {
47+
type = string
48+
description = "The sk of the ER instance accepter"
49+
50+
default = ""
51+
sensitive = true
52+
}
53+
54+
variable "er_instance_name" {
55+
type = string
56+
description = "The ID of the shared ER instance"
57+
58+
default = "share_attachment"
59+
}
60+
61+
variable "resource_share_name" {
62+
type = string
63+
description = "The ID of the shared ER instance"
64+
65+
default = "resource-share-er"
66+
}
67+
68+
variable "vpc_name" {
69+
type = string
70+
description = "The ID of the VPC of the VPC attachment"
71+
72+
default = "er_attachment_vpc_test"
73+
}
74+
75+
variable "subnet_name" {
76+
type = string
77+
description = "The ID of the subnet of the VPC attachment"
78+
79+
default = "er_attachment_subnet_test"
80+
}
81+
82+
variable "attachment_name" {
83+
type = string
84+
description = "The ID of the VPC attachment"
85+
86+
default = "shared_attachment"
87+
}
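Review bot: Every credential and account-ID variable (`owner_ak`, `owner_sk`, `principal_ak`, `principal_sk`, `owner_account_id`, `principal_account_id`) declares `default = ""`, so Terraform never treats them as required and a run with nothing set proceeds with empty values. An empty `owner_account_id` yields a malformed URN in the share resource of main.tf, and empty AK/SK on both aliases may cause the provider to fall back to ambient credentials, so owner and principal could silently resolve to the same account (worth confirming against the provider). Dropping the `default = ""` lines makes these inputs mandatory while keeping `sensitive = true`. The descriptions of `er_instance_name`, `resource_share_name`, `vpc_name`, `subnet_name` and `attachment_name` read "The ID of …" although each holds a name, and `region_name` has neither `type` nor `description`.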
