M: aci-access-leaf-interface-policy-group

M: aci-endpoint-group M: aci-l3out-interface-profile M: aci_access_policies.tf M: aci_tenants.tf M: defaults.yaml M: modules.yaml
therealdoug · Sep 12, 2024 · 9629f1b · 9629f1b
1 parent ca2c5ae
commit 9629f1b
Show file tree

Hide file tree

Showing 15 changed files with 366 additions and 96 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -161,6 +161,10 @@ repos:
         args: ["./modules/terraform-aci-coop-policy"]
       - id: terraform-docs-system
         args: ["./modules/terraform-aci-coop-policy/examples/complete"]
+      - id: terraform-docs-system
+        args: ["./modules/terraform-aci-data-plane-policing-policy"]
+      - id: terraform-docs-system
+        args: ["./modules/terraform-aci-data-plane-policing-policy/examples/complete"]
       - id: terraform-docs-system
         args: ["./modules/terraform-aci-date-time-format"]
       - id: terraform-docs-system

diff --git a/README.md b/README.md
@@ -182,6 +182,7 @@ Additional example repositories:
 | <a name="module_aci_config_passphrase"></a> [aci\_config\_passphrase](#module\_aci\_config\_passphrase) | ./modules/terraform-aci-config-passphrase | n/a |
 | <a name="module_aci_contract"></a> [aci\_contract](#module\_aci\_contract) | ./modules/terraform-aci-contract | n/a |
 | <a name="module_aci_coop_policy"></a> [aci\_coop\_policy](#module\_aci\_coop\_policy) | ./modules/terraform-aci-coop-policy | n/a |
+| <a name="module_aci_data_plane_policing_policy"></a> [aci\_data\_plane\_policing\_policy](#module\_aci\_data\_plane\_policing\_policy) | ./modules/terraform-aci-data-plane-policing-policy | n/a |
 | <a name="module_aci_date_time_format"></a> [aci\_date\_time\_format](#module\_aci\_date\_time\_format) | ./modules/terraform-aci-date-time-format | n/a |
 | <a name="module_aci_date_time_policy"></a> [aci\_date\_time\_policy](#module\_aci\_date\_time\_policy) | ./modules/terraform-aci-date-time-policy | n/a |
 | <a name="module_aci_device_selection_policy"></a> [aci\_device\_selection\_policy](#module\_aci\_device\_selection\_policy) | ./modules/terraform-aci-device-selection-policy | n/a |
@@ -314,6 +315,7 @@ Additional example repositories:
 | <a name="module_aci_system_performance"></a> [aci\_system\_performance](#module\_aci\_system\_performance) | ./modules/terraform-aci-system-performance | n/a |
 | <a name="module_aci_tacacs"></a> [aci\_tacacs](#module\_aci\_tacacs) | ./modules/terraform-aci-tacacs | n/a |
 | <a name="module_aci_tenant"></a> [aci\_tenant](#module\_aci\_tenant) | ./modules/terraform-aci-tenant | n/a |
+| <a name="module_aci_tenant_data_plane_policing_policy"></a> [aci\_tenant\_data\_plane\_policing\_policy](#module\_aci\_tenant\_data\_plane\_policing\_policy) | ./modules/terraform-aci-data-plane-policing-policy | n/a |
 | <a name="module_aci_tenant_span_destination_group"></a> [aci\_tenant\_span\_destination\_group](#module\_aci\_tenant\_span\_destination\_group) | ./modules/terraform-aci-tenant-span-destination-group | n/a |
 | <a name="module_aci_tenant_span_source_group"></a> [aci\_tenant\_span\_source\_group](#module\_aci\_tenant\_span\_source\_group) | ./modules/terraform-aci-tenant-span-source-group | n/a |
 | <a name="module_aci_track_list"></a> [aci\_track\_list](#module\_aci\_track\_list) | ./modules/terraform-aci-track-list | n/a |

diff --git a/aci_access_policies.tf b/aci_access_policies.tf
@@ -281,6 +281,34 @@ module "aci_cdp_policy" {
   admin_state = each.value.admin_state
 }
 
+module "aci_data_plane_policing_policy" {
+  source = "./modules/terraform-aci-data-plane-policing-policy"
+
+  for_each             = { for dpp in try(local.access_policies.interface_policies.data_plane_policing_policies, []) : dpp.name => dpp if local.modules.aci_data_plane_policing_policy && var.manage_access_policies }
+  name                 = "${each.value.name}${local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.name_suffix}"
+  admin_state          = try(each.value.admin_state, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.admin_state)
+  type                 = try(each.value.type, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.type)
+  mode                 = try(each.value.mode, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.mode)
+  sharing_mode         = try(each.value.sharing_mode, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.sharing_mode)
+  rate                 = try(each.value.rate, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.rate)
+  rate_unit            = try(each.value.rate_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.rate_unit)
+  burst                = try(each.value.burst, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst)
+  burst_unit           = try(each.value.burst_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst_unit)
+  conform_action       = try(each.value.conform_action, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.conform_action)
+  conform_mark_cos     = try(each.value.conform_action == "mark", false) ? try(each.value.conform_mark_cos, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.conform_mark_cos) : null
+  conform_mark_dscp    = try(each.value.conform_action == "mark", false) ? try(each.value.conform_mark_dscp, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.conform_mark_dscp) : null
+  exceed_action        = try(each.value.exceed_action, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.exceed_action)
+  exceed_mark_cos      = try(each.value.exceed_action == "mark", false) ? try(each.value.exceed_mark_cos, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.exceed_mark_cos) : null
+  exceed_mark_dscp     = try(each.value.exceed_action == "mark", false) ? try(each.value.exceed_mark_dscp, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.exceed_mark_dscp) : null
+  violate_action       = try(each.value.violate_action, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.violate_action)
+  violate_mark_cos     = try(each.value.violate_action == "mark", false) ? try(each.value.violate_mark_cos, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.violate_mark_cos) : null
+  violate_mark_dscp    = try(each.value.violate_action == "mark", false) ? try(each.value.violate_mark_dscp, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.violate_mark_dscp) : null
+  pir                  = try(each.value.type == "2R3C", false) ? try(each.value.pir, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.pir) : null
+  pir_unit             = try(each.value.type == "2R3C", false) ? try(each.value.pir_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.pir_unit) : null
+  burst_excessive      = try(each.value.type == "2R3C", false) ? try(each.value.burst_excessive, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst_excessive) : null
+  burst_excessive_unit = try(each.value.type == "2R3C", false) ? try(each.value.burst_excessive_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst_excessive_unit) : null
+}
+
 module "aci_lldp_policy" {
   source = "./modules/terraform-aci-lldp-policy"
 
@@ -383,20 +411,22 @@ module "aci_storm_control_policy" {
 module "aci_access_leaf_interface_policy_group" {
   source = "./modules/terraform-aci-access-leaf-interface-policy-group"
 
-  for_each                   = { for pg in try(local.access_policies.leaf_interface_policy_groups, []) : pg.name => pg if local.modules.aci_access_leaf_interface_policy_group && var.manage_access_policies }
-  name                       = "${each.value.name}${local.defaults.apic.access_policies.leaf_interface_policy_groups.name_suffix}"
-  description                = try(each.value.description, "")
-  type                       = each.value.type
-  map                        = try(each.value.map, local.defaults.apic.access_policies.leaf_interface_policy_groups.map)
-  link_level_policy          = try("${each.value.link_level_policy}${local.defaults.apic.access_policies.interface_policies.link_level_policies.name_suffix}", "")
-  cdp_policy                 = try("${each.value.cdp_policy}${local.defaults.apic.access_policies.interface_policies.cdp_policies.name_suffix}", "")
-  lldp_policy                = try("${each.value.lldp_policy}${local.defaults.apic.access_policies.interface_policies.lldp_policies.name_suffix}", "")
-  spanning_tree_policy       = try("${each.value.spanning_tree_policy}${local.defaults.apic.access_policies.interface_policies.spanning_tree_policies.name_suffix}", "")
-  mcp_policy                 = try("${each.value.mcp_policy}${local.defaults.apic.access_policies.interface_policies.mcp_policies.name_suffix}", "")
-  l2_policy                  = try("${each.value.l2_policy}${local.defaults.apic.access_policies.interface_policies.l2_policies.name_suffix}", "")
-  storm_control_policy       = try("${each.value.storm_control_policy}${local.defaults.apic.access_policies.interface_policies.storm_control_policies.name_suffix}", "")
-  port_channel_policy        = try("${each.value.port_channel_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_policies.name_suffix}", "")
-  port_channel_member_policy = try("${each.value.port_channel_member_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_member_policies.name_suffix}", "")
+  for_each                           = { for pg in try(local.access_policies.leaf_interface_policy_groups, []) : pg.name => pg if local.modules.aci_access_leaf_interface_policy_group && var.manage_access_policies }
+  name                               = "${each.value.name}${local.defaults.apic.access_policies.leaf_interface_policy_groups.name_suffix}"
+  description                        = try(each.value.description, "")
+  type                               = each.value.type
+  map                                = try(each.value.map, local.defaults.apic.access_policies.leaf_interface_policy_groups.map)
+  link_level_policy                  = try("${each.value.link_level_policy}${local.defaults.apic.access_policies.interface_policies.link_level_policies.name_suffix}", "")
+  cdp_policy                         = try("${each.value.cdp_policy}${local.defaults.apic.access_policies.interface_policies.cdp_policies.name_suffix}", "")
+  egress_data_plane_policing_policy  = try("${each.value.egress_data_plane_policing_policy}${local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.name_suffix}", "")
+  ingress_data_plane_policing_policy = try("${each.value.ingress_data_plane_policing_policy}${local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.name_suffix}", "")
+  lldp_policy                        = try("${each.value.lldp_policy}${local.defaults.apic.access_policies.interface_policies.lldp_policies.name_suffix}", "")
+  spanning_tree_policy               = try("${each.value.spanning_tree_policy}${local.defaults.apic.access_policies.interface_policies.spanning_tree_policies.name_suffix}", "")
+  mcp_policy                         = try("${each.value.mcp_policy}${local.defaults.apic.access_policies.interface_policies.mcp_policies.name_suffix}", "")
+  l2_policy                          = try("${each.value.l2_policy}${local.defaults.apic.access_policies.interface_policies.l2_policies.name_suffix}", "")
+  storm_control_policy               = try("${each.value.storm_control_policy}${local.defaults.apic.access_policies.interface_policies.storm_control_policies.name_suffix}", "")
+  port_channel_policy                = try("${each.value.port_channel_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_policies.name_suffix}", "")
+  port_channel_member_policy         = try("${each.value.port_channel_member_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_member_policies.name_suffix}", "")
   netflow_monitor_policies = [for monitor in try(each.value.netflow_monitor_policies, []) : {
     name           = "${monitor.name}${local.defaults.apic.access_policies.interface_policies.netflow_monitors.name_suffix}"
     ip_filter_type = try(monitor.ip_filter_type, local.defaults.apic.access_policies.leaf_interface_policy_groups.netflow_monitor_policies.ip_filter_type)
@@ -406,6 +436,7 @@ module "aci_access_leaf_interface_policy_group" {
   depends_on = [
     module.aci_link_level_policy,
     module.aci_cdp_policy,
+    module.aci_data_plane_policing_policy,
     module.aci_lldp_policy,
     module.aci_spanning_tree_policy,
     module.aci_mcp_policy,