From 9629f1bee11de0fcc9e8705c7ddbc16296e05201 Mon Sep 17 00:00:00 2001 From: Doug Byrd Date: Thu, 12 Sep 2024 15:08:57 -0400 Subject: [PATCH] M: aci-access-leaf-interface-policy-group M: aci-endpoint-group M: aci-l3out-interface-profile M: aci_access_policies.tf M: aci_tenants.tf M: defaults.yaml M: modules.yaml --- .pre-commit-config.yaml | 4 + README.md | 2 + aci_access_policies.tf | 59 ++++- aci_tenants.tf | 242 ++++++++++++------ defaults/defaults.yaml | 46 ++++ defaults/modules.yaml | 1 + .../README.md | 4 + .../main.tf | 18 ++ .../variables.tf | 23 ++ .../terraform-aci-endpoint-group/README.md | 2 + modules/terraform-aci-endpoint-group/main.tf | 8 + .../terraform-aci-endpoint-group/variables.tf | 11 + .../README.md | 4 + .../main.tf | 16 ++ .../variables.tf | 22 ++ 15 files changed, 366 insertions(+), 96 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ea5acaea..42b20f6b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -161,6 +161,10 @@ repos: args: ["./modules/terraform-aci-coop-policy"] - id: terraform-docs-system args: ["./modules/terraform-aci-coop-policy/examples/complete"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-data-plane-policing-policy"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-data-plane-policing-policy/examples/complete"] - id: terraform-docs-system args: ["./modules/terraform-aci-date-time-format"] - id: terraform-docs-system diff --git a/README.md b/README.md index 616e1c90..d82f0fd7 100644 --- a/README.md +++ b/README.md 
@@ -182,6 +182,7 @@ Additional example repositories: | [aci\_config\_passphrase](#module\_aci\_config\_passphrase) | ./modules/terraform-aci-config-passphrase | n/a | | [aci\_contract](#module\_aci\_contract) | ./modules/terraform-aci-contract | n/a | | [aci\_coop\_policy](#module\_aci\_coop\_policy) | ./modules/terraform-aci-coop-policy | n/a | +| [aci\_data\_plane\_policing\_policy](#module\_aci\_data\_plane\_policing\_policy) | ./modules/terraform-aci-data-plane-policing-policy | n/a | | [aci\_date\_time\_format](#module\_aci\_date\_time\_format) | ./modules/terraform-aci-date-time-format | n/a | | [aci\_date\_time\_policy](#module\_aci\_date\_time\_policy) | ./modules/terraform-aci-date-time-policy | n/a | | [aci\_device\_selection\_policy](#module\_aci\_device\_selection\_policy) | ./modules/terraform-aci-device-selection-policy | n/a | @@ -314,6 +315,7 @@ Additional example repositories: | [aci\_system\_performance](#module\_aci\_system\_performance) | ./modules/terraform-aci-system-performance | n/a | | [aci\_tacacs](#module\_aci\_tacacs) | ./modules/terraform-aci-tacacs | n/a | | [aci\_tenant](#module\_aci\_tenant) | ./modules/terraform-aci-tenant | n/a | +| [aci\_tenant\_data\_plane\_policing\_policy](#module\_aci\_tenant\_data\_plane\_policing\_policy) | ./modules/terraform-aci-data-plane-policing-policy | n/a | | [aci\_tenant\_span\_destination\_group](#module\_aci\_tenant\_span\_destination\_group) | ./modules/terraform-aci-tenant-span-destination-group | n/a | | [aci\_tenant\_span\_source\_group](#module\_aci\_tenant\_span\_source\_group) | ./modules/terraform-aci-tenant-span-source-group | n/a | | [aci\_track\_list](#module\_aci\_track\_list) | ./modules/terraform-aci-track-list | n/a | diff --git a/aci_access_policies.tf b/aci_access_policies.tf index d2fdbb9d..8ec34f95 100644 --- a/aci_access_policies.tf +++ b/aci_access_policies.tf 
@@ -281,6 +281,34 @@ module "aci_cdp_policy" { admin_state = each.value.admin_state } +module "aci_data_plane_policing_policy" { + source = "./modules/terraform-aci-data-plane-policing-policy" + + for_each = { for dpp in try(local.access_policies.interface_policies.data_plane_policing_policies, []) : dpp.name => dpp if local.modules.aci_data_plane_policing_policy && var.manage_access_policies } + name = "${each.value.name}${local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.name_suffix}" + admin_state = try(each.value.admin_state, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.admin_state) + type = try(each.value.type, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.type) + mode = try(each.value.mode, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.mode) + sharing_mode = try(each.value.sharing_mode, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.sharing_mode) + rate = try(each.value.rate, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.rate) + rate_unit = try(each.value.rate_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.rate_unit) + burst = try(each.value.burst, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst) + burst_unit = try(each.value.burst_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst_unit) + conform_action = try(each.value.conform_action, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.conform_action) + conform_mark_cos = try(each.value.conform_action == "mark", false) ? 
try(each.value.conform_mark_cos, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.conform_mark_cos) : null + conform_mark_dscp = try(each.value.conform_action == "mark", false) ? try(each.value.conform_mark_dscp, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.conform_mark_dscp) : null + exceed_action = try(each.value.exceed_action, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.exceed_action) + exceed_mark_cos = try(each.value.exceed_action == "mark", false) ? try(each.value.exceed_mark_cos, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.exceed_mark_cos) : null + exceed_mark_dscp = try(each.value.exceed_action == "mark", false) ? try(each.value.exceed_mark_dscp, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.exceed_mark_dscp) : null + violate_action = try(each.value.violate_action, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.violate_action) + violate_mark_cos = try(each.value.violate_action == "mark", false) ? try(each.value.violate_mark_cos, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.violate_mark_cos) : null + violate_mark_dscp = try(each.value.violate_action == "mark", false) ? try(each.value.violate_mark_dscp, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.violate_mark_dscp) : null + pir = try(each.value.type == "2R3C", false) ? try(each.value.pir, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.pir) : null + pir_unit = try(each.value.type == "2R3C", false) ? try(each.value.pir_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.pir_unit) : null + burst_excessive = try(each.value.type == "2R3C", false) ? 
try(each.value.burst_excessive, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst_excessive) : null + burst_excessive_unit = try(each.value.type == "2R3C", false) ? try(each.value.burst_excessive_unit, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.burst_excessive_unit) : null +} + module "aci_lldp_policy" { source = "./modules/terraform-aci-lldp-policy" 
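Review bot: The conditional arguments in `module "aci_data_plane_policing_policy"` (`*_mark_cos`, `*_mark_dscp`, `pir`, `pir_unit`, `burst_excessive*`) test the raw `each.value.conform_action` / `each.value.type`, while `type` and the three `*_action` arguments fall back to `local.defaults`. If a defaults override sets `type: 2R3C` or an action of `mark`, a policy that omits that field is created with the defaulted type or action but `null` for its peak-rate or marking values. Gate on the resolved value instead, for example `pir = try(each.value.type, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.type) == "2R3C" ? try(each.value.pir, local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.pir) : null`. The same pattern appears in the `data_plane_policing_policies` local added to aci_tenants.tf later in this patch.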
@@ -383,20 +411,22 @@ module "aci_storm_control_policy" { module "aci_access_leaf_interface_policy_group" { source = "./modules/terraform-aci-access-leaf-interface-policy-group" - for_each = { for pg in try(local.access_policies.leaf_interface_policy_groups, []) : pg.name => pg if local.modules.aci_access_leaf_interface_policy_group && var.manage_access_policies } - name = "${each.value.name}${local.defaults.apic.access_policies.leaf_interface_policy_groups.name_suffix}" - description = try(each.value.description, "") - type = each.value.type - map = try(each.value.map, local.defaults.apic.access_policies.leaf_interface_policy_groups.map) - link_level_policy = try("${each.value.link_level_policy}${local.defaults.apic.access_policies.interface_policies.link_level_policies.name_suffix}", "") - cdp_policy = try("${each.value.cdp_policy}${local.defaults.apic.access_policies.interface_policies.cdp_policies.name_suffix}", "") - lldp_policy = try("${each.value.lldp_policy}${local.defaults.apic.access_policies.interface_policies.lldp_policies.name_suffix}", "") - spanning_tree_policy = try("${each.value.spanning_tree_policy}${local.defaults.apic.access_policies.interface_policies.spanning_tree_policies.name_suffix}", "") - mcp_policy = try("${each.value.mcp_policy}${local.defaults.apic.access_policies.interface_policies.mcp_policies.name_suffix}", "") - l2_policy = try("${each.value.l2_policy}${local.defaults.apic.access_policies.interface_policies.l2_policies.name_suffix}", "") - storm_control_policy = try("${each.value.storm_control_policy}${local.defaults.apic.access_policies.interface_policies.storm_control_policies.name_suffix}", "") - port_channel_policy = try("${each.value.port_channel_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_policies.name_suffix}", "") - port_channel_member_policy = try("${each.value.port_channel_member_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_member_policies.name_suffix}", "") 
+ for_each = { for pg in try(local.access_policies.leaf_interface_policy_groups, []) : pg.name => pg if local.modules.aci_access_leaf_interface_policy_group && var.manage_access_policies } + name = "${each.value.name}${local.defaults.apic.access_policies.leaf_interface_policy_groups.name_suffix}" + description = try(each.value.description, "") + type = each.value.type + map = try(each.value.map, local.defaults.apic.access_policies.leaf_interface_policy_groups.map) + link_level_policy = try("${each.value.link_level_policy}${local.defaults.apic.access_policies.interface_policies.link_level_policies.name_suffix}", "") + cdp_policy = try("${each.value.cdp_policy}${local.defaults.apic.access_policies.interface_policies.cdp_policies.name_suffix}", "") + egress_data_plane_policing_policy = try("${each.value.egress_data_plane_policing_policy}${local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.name_suffix}", "") + ingress_data_plane_policing_policy = try("${each.value.ingress_data_plane_policing_policy}${local.defaults.apic.access_policies.interface_policies.data_plane_policing_policies.name_suffix}", "") + lldp_policy = try("${each.value.lldp_policy}${local.defaults.apic.access_policies.interface_policies.lldp_policies.name_suffix}", "") + spanning_tree_policy = try("${each.value.spanning_tree_policy}${local.defaults.apic.access_policies.interface_policies.spanning_tree_policies.name_suffix}", "") + mcp_policy = try("${each.value.mcp_policy}${local.defaults.apic.access_policies.interface_policies.mcp_policies.name_suffix}", "") + l2_policy = try("${each.value.l2_policy}${local.defaults.apic.access_policies.interface_policies.l2_policies.name_suffix}", "") + storm_control_policy = try("${each.value.storm_control_policy}${local.defaults.apic.access_policies.interface_policies.storm_control_policies.name_suffix}", "") + port_channel_policy = 
try("${each.value.port_channel_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_policies.name_suffix}", "") + port_channel_member_policy = try("${each.value.port_channel_member_policy}${local.defaults.apic.access_policies.interface_policies.port_channel_member_policies.name_suffix}", "") netflow_monitor_policies = [for monitor in try(each.value.netflow_monitor_policies, []) : { name = "${monitor.name}${local.defaults.apic.access_policies.interface_policies.netflow_monitors.name_suffix}" ip_filter_type = try(monitor.ip_filter_type, local.defaults.apic.access_policies.leaf_interface_policy_groups.netflow_monitor_policies.ip_filter_type) @@ -406,6 +436,7 @@ module "aci_access_leaf_interface_policy_group" { depends_on = [ module.aci_link_level_policy, module.aci_cdp_policy, + module.aci_data_plane_policing_policy, module.aci_lldp_policy, module.aci_spanning_tree_policy, module.aci_mcp_policy, diff --git a/aci_tenants.tf b/aci_tenants.tf index 9766ec22..450b83d6 100644 --- a/aci_tenants.tf +++ b/aci_tenants.tf @@ -307,6 +307,7 @@ locals { qos_class = try(epg.qos_class, local.defaults.apic.tenants.application_profiles.endpoint_groups.qos_class) custom_qos_policy = try("${epg.custom_qos_policy}${local.defaults.apic.tenants.policies.custom_qos.name_suffix}", "") bridge_domain = try("${epg.bridge_domain}${local.defaults.apic.tenants.bridge_domains.name_suffix}", "") + data_plane_policing_policy = try("${epg.data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policy.name_suffix}", "") tags = try(epg.tags, []) trust_control_policy = try("${epg.trust_control_policy}${local.defaults.apic.tenants.policies.trust_control_policies.name_suffix}", "") contract_consumers = try([for contract in epg.contracts.consumers : "${contract}${local.defaults.apic.tenants.contracts.name_suffix}"], []) 
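Review bot: The EPG lookup added to the `locals` block in aci_tenants.tf reads `local.defaults.apic.tenants.policies.data_plane_policing_policy.name_suffix` (singular), while the defaults.yaml hunks in this patch only add `data_plane_policing_policies` (plural), and the L3Out lines use the plural path. Unless a singular key exists outside this patch, the surrounding `try(..., "")` swallows the failed lookup and every EPG resolves to `""`, so a policer configured on an EPG is silently never attached and no error is raised. Use the plural path: `data_plane_policing_policy = try("${epg.data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "")`. The enclosing `locals` block starts and ends outside the hunk.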
@@ -437,6 +438,7 @@ module "aci_endpoint_group" { qos_class = each.value.qos_class custom_qos_policy = each.value.custom_qos_policy bridge_domain = each.value.bridge_domain + data_plane_policing_policy = each.value.data_plane_policing_policy tags = each.value.tags trust_control_policy = each.value.trust_control_policy contract_consumers = each.value.contract_consumers @@ -495,6 +497,7 @@ module "aci_endpoint_group" { module.aci_tenant, module.aci_application_profile, module.aci_bridge_domain, + module.aci_data_plane_policing_policy, module.aci_contract, module.aci_imported_contract, module.aci_vmware_vmm_domain, 
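Review bot: The `depends_on` entry added to `module "aci_endpoint_group"` names `module.aci_data_plane_policing_policy`, which is the access-policy module declared in aci_access_policies.tf. The EPG's policy name is built from the `tenants.policies` defaults, so it presumably refers to the tenant-scoped policy created by `module "aci_tenant_data_plane_policing_policy"`. As written, nothing orders the EPG after the tenant policy it binds to, so an apply can create the relation before the policy exists. Add `module.aci_tenant_data_plane_policing_policy,` here, and check whether the two `aci_l3out_interface_profile_*` modules need the same entry; their `depends_on` lists are not visible in this patch.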
@@ -1115,27 +1118,29 @@ locals { for l3out in try(tenant.l3outs, []) : [ for np in try(l3out.node_profiles, []) : [ for ip in try(np.interface_profiles, []) : { - key = format("%s/%s/%s/%s", tenant.name, l3out.name, np.name, ip.name) - tenant = tenant.name - l3out = l3out.name - node_profile = np.name - name = "${ip.name}${local.defaults.apic.tenants.l3outs.node_profiles.interface_profiles.name_suffix}" - description = try(ip.description, "") - multipod = try(l3out.multipod, local.defaults.apic.tenants.l3outs.multipod) - remote_leaf = try(l3out.remote_leaf, local.defaults.apic.tenants.l3outs.remote_leaf) - bfd_policy = try("${ip.bfd_policy}${local.defaults.apic.tenants.policies.bfd_interface_policies.name_suffix}", "") - ospf_interface_profile_name = try(ip.ospf.ospf_interface_profile_name, l3out.name) - ospf_authentication_key = try(ip.ospf.auth_key, "") - ospf_authentication_key_id = try(ip.ospf.auth_key_id, "1") - ospf_authentication_type = try(ip.ospf.auth_type, "none") - ospf_interface_policy = try(ip.ospf.policy, "") - eigrp_interface_profile_name = try(ip.eigrp.interface_profile_name, l3out.name) - eigrp_interface_policy = try(ip.eigrp.interface_policy, "") - eigrp_keychain_policy = try(ip.eigrp.keychain_policy, "") - pim_policy = try("${ip.pim_policy}${local.defaults.apic.tenants.policies.pim_policies.name_suffix}", "") - igmp_interface_policy = try("${ip.igmp_interface_policy}${local.defaults.apic.tenants.policies.igmp_interface_policies.name_suffix}", "") - qos_class = try(ip.qos_class, local.defaults.apic.tenants.l3outs.node_profiles.interface_profiles.qos_class) - custom_qos_policy = try("${ip.custom_qos_policy}${local.defaults.apic.tenants.policies.custom_qos.name_suffix}", "") + key = format("%s/%s/%s/%s", tenant.name, l3out.name, np.name, ip.name) + tenant = tenant.name + l3out = l3out.name + node_profile = np.name + name = "${ip.name}${local.defaults.apic.tenants.l3outs.node_profiles.interface_profiles.name_suffix}" + description = 
try(ip.description, "") + multipod = try(l3out.multipod, local.defaults.apic.tenants.l3outs.multipod) + remote_leaf = try(l3out.remote_leaf, local.defaults.apic.tenants.l3outs.remote_leaf) + bfd_policy = try("${ip.bfd_policy}${local.defaults.apic.tenants.policies.bfd_interface_policies.name_suffix}", "") + ospf_interface_profile_name = try(ip.ospf.ospf_interface_profile_name, l3out.name) + ospf_authentication_key = try(ip.ospf.auth_key, "") + ospf_authentication_key_id = try(ip.ospf.auth_key_id, "1") + ospf_authentication_type = try(ip.ospf.auth_type, "none") + ospf_interface_policy = try(ip.ospf.policy, "") + eigrp_interface_profile_name = try(ip.eigrp.interface_profile_name, l3out.name) + eigrp_interface_policy = try(ip.eigrp.interface_policy, "") + eigrp_keychain_policy = try(ip.eigrp.keychain_policy, "") + pim_policy = try("${ip.pim_policy}${local.defaults.apic.tenants.policies.pim_policies.name_suffix}", "") + igmp_interface_policy = try("${ip.igmp_interface_policy}${local.defaults.apic.tenants.policies.igmp_interface_policies.name_suffix}", "") + qos_class = try(ip.qos_class, local.defaults.apic.tenants.l3outs.node_profiles.interface_profiles.qos_class) + custom_qos_policy = try("${ip.custom_qos_policy}${local.defaults.apic.tenants.policies.custom_qos.name_suffix}", "") + egress_data_plane_policing_policy = try("${ip.egress_data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "") + ingress_data_plane_policing_policy = try("${ip.ingress_data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "") dhcp_labels = [for label in try(ip.dhcp_labels, []) : { dhcp_relay_policy = try("${label.dhcp_relay_policy}${local.defaults.apic.tenants.policies.dhcp_relay_policies.name_suffix}", "") dhcp_option_policy = try("${label.dhcp_option_policy}${local.defaults.apic.tenants.policies.dhcp_option_policies.name_suffix}", "") 
@@ -1212,28 +1217,30 @@ locals { module "aci_l3out_interface_profile_manual" { source = "./modules/terraform-aci-l3out-interface-profile" - for_each = { for ip in local.interface_profiles_manual : ip.key => ip if local.modules.aci_l3out_interface_profile && var.manage_tenants } - tenant = each.value.tenant - l3out = each.value.l3out - node_profile = each.value.node_profile - name = each.value.name - description = each.value.description - multipod = each.value.multipod - remote_leaf = each.value.remote_leaf - bfd_policy = each.value.bfd_policy - ospf_interface_profile_name = each.value.ospf_interface_profile_name - ospf_authentication_key = each.value.ospf_authentication_key - ospf_authentication_key_id = each.value.ospf_authentication_key_id - ospf_authentication_type = each.value.ospf_authentication_type - ospf_interface_policy = each.value.ospf_interface_policy - eigrp_interface_profile_name = each.value.eigrp_interface_profile_name - eigrp_interface_policy = each.value.eigrp_interface_policy - eigrp_keychain_policy = each.value.eigrp_keychain_policy - pim_policy = each.value.pim_policy - igmp_interface_policy = each.value.igmp_interface_policy - qos_class = each.value.qos_class - custom_qos_policy = each.value.custom_qos_policy - dhcp_labels = each.value.dhcp_labels + for_each = { for ip in local.interface_profiles_manual : ip.key => ip if local.modules.aci_l3out_interface_profile && var.manage_tenants } + tenant = each.value.tenant + l3out = each.value.l3out + node_profile = each.value.node_profile + name = each.value.name + description = each.value.description + multipod = each.value.multipod + remote_leaf = each.value.remote_leaf + bfd_policy = each.value.bfd_policy + ospf_interface_profile_name = each.value.ospf_interface_profile_name + ospf_authentication_key = each.value.ospf_authentication_key + ospf_authentication_key_id = each.value.ospf_authentication_key_id + ospf_authentication_type = each.value.ospf_authentication_type + ospf_interface_policy = 
each.value.ospf_interface_policy + eigrp_interface_profile_name = each.value.eigrp_interface_profile_name + eigrp_interface_policy = each.value.eigrp_interface_policy + eigrp_keychain_policy = each.value.eigrp_keychain_policy + pim_policy = each.value.pim_policy + igmp_interface_policy = each.value.igmp_interface_policy + qos_class = each.value.qos_class + custom_qos_policy = each.value.custom_qos_policy + dhcp_labels = each.value.dhcp_labels + egress_data_plane_policing_policy = try("${ip.egress_data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "") + ingress_data_plane_policing_policy = try("${ip.ingress_data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "") interfaces = [for int in try(each.value.interfaces, []) : { ip = int.ip svi = int.svi 
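Review bot: In `module "aci_l3out_interface_profile_manual"` the two new arguments reference `ip.egress_data_plane_policing_policy` and `ip.ingress_data_plane_policing_policy`, but `ip` exists only inside the `for_each` comprehension and is not in scope for module arguments. Terraform will most likely reject this as a reference to an undeclared resource; if the `try` did absorb it, both values would always be `""` and the L3Out policer would never be attached. The local `interface_profiles_manual` already computes both values with the suffix applied, so pass them through as the `_auto` module does: `egress_data_plane_policing_policy = each.value.egress_data_plane_policing_policy` and `ingress_data_plane_policing_policy = each.value.ingress_data_plane_policing_policy`. The module block continues outside the hunk.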
@@ -1273,25 +1280,27 @@ locals { interface_profiles_auto = flatten([ for tenant in local.tenants : [ for l3out in try(tenant.l3outs, []) : { - key = format("%s/%s", tenant.name, l3out.name) - tenant = tenant.name - l3out = l3out.name - node_profile = l3out.name - name = l3out.name - multipod = try(l3out.multipod, local.defaults.apic.tenants.l3outs.multipod) - remote_leaf = try(l3out.remote_leaf, local.defaults.apic.tenants.l3outs.remote_leaf) - bfd_policy = try("${l3out.bfd_policy}${local.defaults.apic.tenants.policies.bfd_interface_policies.name_suffix}", "") - ospf_interface_profile_name = try(l3out.ospf.ospf_interface_profile_name, l3out.name) - ospf_authentication_key = try(l3out.ospf.auth_key, "") - ospf_authentication_key_id = try(l3out.ospf.auth_key_id, "1") - ospf_authentication_type = try(l3out.ospf.auth_type, "none") - ospf_interface_policy = try(l3out.ospf.policy, "") - eigrp_interface_profile_name = try(l3out.eigrp.interface_profile_name, l3out.name) - eigrp_interface_policy = try(l3out.eigrp.interface_policy, "") - pim_policy = try("${l3out.pim_policy}${local.defaults.apic.tenants.policies.pim_policies.name_suffix}", "") - igmp_interface_policy = try("${l3out.igmp_interface_policy}${local.defaults.apic.tenants.policies.igmp_interface_policies.name_suffix}", "") - qos_class = try(l3out.qos_class, local.defaults.apic.tenants.l3outs.node_profiles.interface_profiles.qos_class) - custom_qos_policy = try("${l3out.custom_qos_policy}${local.defaults.apic.tenants.policies.custom_qos.name_suffix}", "") + key = format("%s/%s", tenant.name, l3out.name) + tenant = tenant.name + l3out = l3out.name + node_profile = l3out.name + name = l3out.name + multipod = try(l3out.multipod, local.defaults.apic.tenants.l3outs.multipod) + remote_leaf = try(l3out.remote_leaf, local.defaults.apic.tenants.l3outs.remote_leaf) + bfd_policy = try("${l3out.bfd_policy}${local.defaults.apic.tenants.policies.bfd_interface_policies.name_suffix}", "") + ospf_interface_profile_name = 
try(l3out.ospf.ospf_interface_profile_name, l3out.name) + ospf_authentication_key = try(l3out.ospf.auth_key, "") + ospf_authentication_key_id = try(l3out.ospf.auth_key_id, "1") + ospf_authentication_type = try(l3out.ospf.auth_type, "none") + ospf_interface_policy = try(l3out.ospf.policy, "") + eigrp_interface_profile_name = try(l3out.eigrp.interface_profile_name, l3out.name) + eigrp_interface_policy = try(l3out.eigrp.interface_policy, "") + pim_policy = try("${l3out.pim_policy}${local.defaults.apic.tenants.policies.pim_policies.name_suffix}", "") + igmp_interface_policy = try("${l3out.igmp_interface_policy}${local.defaults.apic.tenants.policies.igmp_interface_policies.name_suffix}", "") + qos_class = try(l3out.qos_class, local.defaults.apic.tenants.l3outs.node_profiles.interface_profiles.qos_class) + custom_qos_policy = try("${l3out.custom_qos_policy}${local.defaults.apic.tenants.policies.custom_qos.name_suffix}", "") + egress_data_plane_policing_policy = try("${l3out.egress_data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "") + ingress_data_plane_policing_policy = try("${l3out.ingress_data_plane_policing_policy}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}", "") dhcp_labels = [for label in try(l3out.dhcp_labels, []) : { dhcp_relay_policy = try("${label.dhcp_relay_policy}${local.defaults.apic.tenants.policies.dhcp_relay_policies.name_suffix}", "") dhcp_option_policy = try("${label.dhcp_option_policy}${local.defaults.apic.tenants.policies.dhcp_option_policies.name_suffix}", "") 
@@ -1368,26 +1377,28 @@ locals { module "aci_l3out_interface_profile_auto" { source = "./modules/terraform-aci-l3out-interface-profile" - for_each = { for ip in local.interface_profiles_auto : ip.key => ip if local.modules.aci_l3out_interface_profile && var.manage_tenants } - tenant = each.value.tenant - l3out = each.value.l3out - node_profile = each.value.node_profile - name = each.value.name - multipod = each.value.multipod - remote_leaf = each.value.remote_leaf - bfd_policy = each.value.bfd_policy - ospf_interface_profile_name = each.value.ospf_interface_profile_name - ospf_authentication_key = each.value.ospf_authentication_key - ospf_authentication_key_id = each.value.ospf_authentication_key_id - ospf_authentication_type = each.value.ospf_authentication_type - ospf_interface_policy = each.value.ospf_interface_policy - eigrp_interface_profile_name = each.value.eigrp_interface_profile_name - eigrp_interface_policy = each.value.eigrp_interface_policy - pim_policy = each.value.pim_policy - igmp_interface_policy = each.value.igmp_interface_policy - qos_class = each.value.qos_class - custom_qos_policy = each.value.custom_qos_policy - dhcp_labels = each.value.dhcp_labels + for_each = { for ip in local.interface_profiles_auto : ip.key => ip if local.modules.aci_l3out_interface_profile && var.manage_tenants } + tenant = each.value.tenant + l3out = each.value.l3out + node_profile = each.value.node_profile + name = each.value.name + multipod = each.value.multipod + remote_leaf = each.value.remote_leaf + bfd_policy = each.value.bfd_policy + ospf_interface_profile_name = each.value.ospf_interface_profile_name + ospf_authentication_key = each.value.ospf_authentication_key + ospf_authentication_key_id = each.value.ospf_authentication_key_id + ospf_authentication_type = each.value.ospf_authentication_type + ospf_interface_policy = each.value.ospf_interface_policy + eigrp_interface_profile_name = each.value.eigrp_interface_profile_name + eigrp_interface_policy = 
each.value.eigrp_interface_policy + pim_policy = each.value.pim_policy + igmp_interface_policy = each.value.igmp_interface_policy + qos_class = each.value.qos_class + custom_qos_policy = each.value.custom_qos_policy + dhcp_labels = each.value.dhcp_labels + egress_data_plane_policing_policy = each.value.egress_data_plane_policing_policy + ingress_data_plane_policing_policy = each.value.ingress_data_plane_policing_policy interfaces = [for int in try(each.value.interfaces, []) : { ip = int.ip svi = int.svi 
@@ -2541,6 +2552,73 @@ locals { ]) } +locals { + data_plane_policing_policies = flatten([ + for tenant in local.tenants : [ + for policy in try(tenant.policies.data_plane_policing_policies, []) : { + key = format("%s/%s", tenant.name, policy.name) + tenant = tenant.name + name = "${policy.name}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}" + admin_state = try(policy.admin_state, local.defaults.apic.tenants.policies.data_plane_policing_policies.admin_state) + type = try(policy.type, local.defaults.apic.tenants.policies.data_plane_policing_policies.type) + mode = try(policy.mode, local.defaults.apic.tenants.policies.data_plane_policing_policies.mode) + sharing_mode = try(policy.sharing_mode, local.defaults.apic.tenants.policies.data_plane_policing_policies.sharing_mode) + rate = try(policy.rate, local.defaults.apic.tenants.policies.data_plane_policing_policies.rate) + rate_unit = try(policy.rate_unit, local.defaults.apic.tenants.policies.data_plane_policing_policies.rate_unit) + burst = try(policy.burst, local.defaults.apic.tenants.policies.data_plane_policing_policies.burst) + burst_unit = try(policy.burst_unit, local.defaults.apic.tenants.policies.data_plane_policing_policies.burst_unit) + conform_action = try(policy.conform_action, local.defaults.apic.tenants.policies.data_plane_policing_policies.conform_action) + conform_mark_cos = try(policy.conform_action == "mark", false) ? try(policy.conform_mark_cos, local.defaults.apic.tenants.policies.data_plane_policing_policies.conform_mark_cos) : null + conform_mark_dscp = try(policy.conform_action == "mark", false) ? try(policy.conform_mark_dscp, local.defaults.apic.tenants.policies.data_plane_policing_policies.conform_mark_dscp) : null + exceed_action = try(policy.exceed_action, local.defaults.apic.tenants.policies.data_plane_policing_policies.exceed_action) + exceed_mark_cos = try(policy.exceed_action == "mark", false) ? 
try(policy.exceed_mark_cos, local.defaults.apic.tenants.policies.data_plane_policing_policies.exceed_mark_cos) : null + exceed_mark_dscp = try(policy.exceed_action == "mark", false) ? try(policy.exceed_mark_dscp, local.defaults.apic.tenants.policies.data_plane_policing_policies.exceed_mark_dscp) : null + violate_action = try(policy.violate_action, local.defaults.apic.tenants.policies.data_plane_policing_policies.violate_action) + violate_mark_cos = try(policy.violate_action == "mark", false) ? try(policy.violate_mark_cos, local.defaults.apic.tenants.policies.data_plane_policing_policies.violate_mark_cos) : null + violate_mark_dscp = try(policy.violate_action == "mark", false) ? try(policy.violate_mark_dscp, local.defaults.apic.tenants.policies.data_plane_policing_policies.violate_mark_dscp) : null + pir = try(policy.type == "2R3C", false) ? try(policy.pir, local.defaults.apic.tenants.policies.data_plane_policing_policies.pir) : null + pir_unit = try(policy.type == "2R3C", false) ? try(policy.pir_unit, local.defaults.apic.tenants.policies.data_plane_policing_policies.pir_unit) : null + burst_excessive = try(policy.type == "2R3C", false) ? try(policy.burst_excessive, local.defaults.apic.tenants.policies.data_plane_policing_policies.burst_excessive) : null + burst_excessive_unit = try(policy.type == "2R3C", false) ? 
try(policy.burst_excessive_unit, local.defaults.apic.tenants.policies.data_plane_policing_policies.burst_excessive_unit) : null + + } + ] + ]) +} + +module "aci_tenant_data_plane_policing_policy" { + source = "./modules/terraform-aci-data-plane-policing-policy" + + for_each = { for dpp in try(local.data_plane_policing_policies, []) : dpp.name => dpp if local.modules.aci_data_plane_policing_policy && var.manage_tenants } + name = "${each.value.name}${local.defaults.apic.tenants.policies.data_plane_policing_policies.name_suffix}" + tenant = each.value.tenant + admin_state = each.value.admin_state + type = each.value.type + mode = each.value.mode + sharing_mode = each.value.sharing_mode + rate = each.value.rate + rate_unit = each.value.rate_unit + burst = each.value.burst + burst_unit = each.value.burst_unit + conform_action = each.value.conform_action + conform_mark_cos = each.value.conform_mark_cos + conform_mark_dscp = each.value.conform_mark_dscp + exceed_action = each.value.exceed_action + exceed_mark_cos = each.value.exceed_mark_cos + exceed_mark_dscp = each.value.exceed_mark_dscp + violate_action = each.value.violate_action + violate_mark_cos = each.value.violate_mark_cos + violate_mark_dscp = each.value.violate_mark_dscp + pir = each.value.pir + pir_unit = each.value.pir_unit + burst_excessive = each.value.burst_excessive + burst_excessive_unit = each.value.burst_excessive_unit + + depends_on = [ + module.aci_tenant, + ] +} + module "aci_mpls_custom_qos_policy" { source = "./modules/terraform-aci-mpls-custom-qos-policy" diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index e8160e96..39dcff80 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml 
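Review bot: `module "aci_tenant_data_plane_policing_policy"` keys its `for_each` on `dpp.name` although the local builds a tenant-qualified `key`, so two tenants that define a policy with the same name produce a duplicate map key and the plan fails. Use `dpp.key => dpp`, as the other tenant modules in this file do. The module also appends `name_suffix` a second time (`name = "${each.value.name}${...name_suffix}"`) although the local already stored `name` with the suffix. With a non-empty suffix the created policy name then no longer matches the names generated for the EPG and L3Out references, and those bindings point at a policy that does not exist. Pass `name = each.value.name`; the `try(..., [])` around the local can be dropped, since the local is always defined.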
@@ -487,6 +487,29 @@ defaults: interface_policies: cdp_policies: name_suffix: "" + data_plane_policing_policies: + name_suffix: "" + admin_state: true + type: 1R2C + mode: bit + sharing_mode: dedicated + rate: 0 + pir: 0 + pir_unit: unspecified + rate_unit: unspecified + burst_excessive: unspecified + burst_excessive_unit: unspecified + burst: unspecified + burst_unit: unspecified + conform_action: transmit + conform_mark_cos: unspecified + conform_mark_dscp: unspecified + exceed_action: transmit + exceed_mark_cos: unspecified + exceed_mark_dscp: unspecified + violate_action: transmit + violate_mark_cos: unspecified + violate_mark_dscp: unspecified lldp_policies: name_suffix: "" link_level_policies: @@ -1176,6 +1199,29 @@ defaults: priority: 1 lsa_retransmit_interval: 5 lsa_transmit_delay: 1 + data_plane_policing_policies: + name_suffix: "" + admin_state: true + type: 1R2C + mode: bit + sharing_mode: dedicated + rate: 0 + pir: 0 + pir_unit: unspecified + rate_unit: unspecified + burst_excessive: unspecified + burst_excessive_unit: unspecified + burst: unspecified + burst_unit: unspecified + conform_action: transmit + conform_mark_cos: unspecified + conform_mark_dscp: unspecified + exceed_action: transmit + exceed_mark_cos: unspecified + exceed_mark_dscp: unspecified + violate_action: transmit + violate_mark_cos: unspecified + violate_mark_dscp: unspecified eigrp_interface_policies: name_suffix: "" bfd: false diff --git a/defaults/modules.yaml b/defaults/modules.yaml index 0595b421..b4b0202a 100644 --- a/defaults/modules.yaml +++ b/defaults/modules.yaml @@ -37,6 +37,7 @@ modules: aci_contract: true aci_coop_policy: true aci_date_time_format: true + aci_data_plane_policing_policy: true aci_date_time_policy: true aci_device_selection_policy: true aci_dhcp_option_policy: true diff --git a/modules/terraform-aci-access-leaf-interface-policy-group/README.md b/modules/terraform-aci-access-leaf-interface-policy-group/README.md index 9518c40c..055d1a68 100644 
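Review bot: Both new `data_plane_policing_policies` default blocks (this hunk and the `@@ -1176` hunk) combine `rate: 0` with `conform_action`, `exceed_action` and `violate_action` all set to `transmit`, so a policy declared with only a name is enabled (`admin_state: true`) but, on these defaults, never drops or marks traffic. Anyone attaching such a policy as a rate limit gets a no-op policer with nothing in the plan to indicate it. If the permissive default is intended, I would state it in the file, e.g. `# defaults police nothing: set rate and exceed_action/violate_action explicitly` above each block. Whether these values mirror the APIC object defaults is not visible from the hunk.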
--- a/modules/terraform-aci-access-leaf-interface-policy-group/README.md +++ b/modules/terraform-aci-access-leaf-interface-policy-group/README.md @@ -52,6 +52,8 @@ module "aci_access_leaf_interface_policy_group" { | [map](#input\_map) | Breakout map. Only relevant if `type` is `breakout`. Choices: `none`, `10g-4x`, `25g-4x`, `100g-2x`, `50g-8x`, `100g-4x`. | `string` | `"none"` | no | | [link\_level\_policy](#input\_link\_level\_policy) | Link level policy name. | `string` | `""` | no | | [cdp\_policy](#input\_cdp\_policy) | CDP policy name. | `string` | `""` | no | +| [ingress\_data\_plane\_policing\_policy](#input\_ingress\_data\_plane\_policing\_policy) | Ingress Data Plane Policing policy name. | `string` | `""` | no | +| [egress\_data\_plane\_policing\_policy](#input\_egress\_data\_plane\_policing\_policy) | Egress Data Plane Policing policy name. | `string` | `""` | no | | [lldp\_policy](#input\_lldp\_policy) | LLDP policy name. | `string` | `""` | no | | [spanning\_tree\_policy](#input\_spanning\_tree\_policy) | Spanning tree policy name. | `string` | `""` | no | | [mcp\_policy](#input\_mcp\_policy) | MCP policy name. | `string` | `""` | no | 
@@ -84,6 +86,8 @@ module "aci_access_leaf_interface_policy_group" { | [aci_rest_managed.infraRsLldpIfPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.infraRsMcpIfPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.infraRsNetflowMonitorPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.infraRsQosEgressDppIfPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.infraRsQosIngressDppIfPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.infraRsStormctrlIfPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.infraRsStpIfPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | \ No newline at end of file diff --git a/modules/terraform-aci-access-leaf-interface-policy-group/main.tf b/modules/terraform-aci-access-leaf-interface-policy-group/main.tf index 8e72488e..dee94de9 100644 --- a/modules/terraform-aci-access-leaf-interface-policy-group/main.tf +++ b/modules/terraform-aci-access-leaf-interface-policy-group/main.tf 
@@ -36,6 +36,24 @@ resource "aci_rest_managed" "infraRsLldpIfPol" { } } +resource "aci_rest_managed" "infraRsQosEgressDppIfPol" { + count = var.type != "breakout" ? 1 : 0 + dn = "${aci_rest_managed.infraAccGrp.dn}/rsQosEgressDppIfPol" + class_name = "infraRsQosEgressDppIfPol" + content = { + tnQosDppPolName = var.egress_data_plane_policing_policy + } +} + +resource "aci_rest_managed" "infraRsQosIngressDppIfPol" { + count = var.type != "breakout" ? 1 : 0 + dn = "${aci_rest_managed.infraAccGrp.dn}/rsQosIngressDppIfPol" + class_name = "infraRsQosIngressDppIfPol" + content = { + tnQosDppPolName = var.ingress_data_plane_policing_policy + } +} + resource "aci_rest_managed" "infraRsStpIfPol" { count = var.type != "breakout" ? 1 : 0 dn = "${aci_rest_managed.infraAccGrp.dn}/rsstpIfPol" diff --git a/modules/terraform-aci-access-leaf-interface-policy-group/variables.tf b/modules/terraform-aci-access-leaf-interface-policy-group/variables.tf index 2cce957c..7fee6b27 100644 --- a/modules/terraform-aci-access-leaf-interface-policy-group/variables.tf +++ b/modules/terraform-aci-access-leaf-interface-policy-group/variables.tf @@ -63,6 +63,29 @@ variable "cdp_policy" { } } +variable "ingress_data_plane_policing_policy" { + description = "Ingress Data Plane Policing policy name." + type = string + default = "" + + validation { + condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.ingress_data_plane_policing_policy)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} + +variable "egress_data_plane_policing_policy" { + description = "Egress Data Plane Policing policy name." + type = string + default = "" + + validation { + condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.egress_data_plane_policing_policy)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} + + variable "lldp_policy" { description = "LLDP policy name." type = string 
diff --git a/modules/terraform-aci-endpoint-group/README.md b/modules/terraform-aci-endpoint-group/README.md index 0cf7e617..bc71ed43 100644 --- a/modules/terraform-aci-endpoint-group/README.md +++ b/modules/terraform-aci-endpoint-group/README.md @@ -151,6 +151,7 @@ module "aci_endpoint_group" { | [static\_endpoints](#input\_static\_endpoints) | List of static endpoints. Format `mac`: `12:34:56:78:9A:BC`. Choices `type`: `silent-host`, `tep`, `vep`. Allowed values `node_id`, `node2_id`: `1` - `4000`. Allowed values `vlan`: `1` - `4096`. Allowed values `pod_id`: `1` - `255`. Default value `pod_id`: `1`. Allowed values `port`: `1` - `127`. Allowed values `module`: `1` - `9`. Default value `module`: `1`. |
list(object({
name = optional(string, "")
alias = optional(string, "")
mac = string
ip = optional(string, "0.0.0.0")
type = string
node_id = optional(number)
node2_id = optional(number)
vlan = optional(number)
pod_id = optional(number, 1)
port = optional(number)
module = optional(number, 1)
channel = optional(string)
additional_ips = optional(list(string), [])
}))
| `[]` | no | | [l4l7\_virtual\_ips](#input\_l4l7\_virtual\_ips) | List of EPG L4/L7 Virtual IPs. |
list(object({
ip = string
description = optional(string, "")
}))
| `[]` | no | | [l4l7\_address\_pools](#input\_l4l7\_address\_pools) | List of EPG L4/L7 Address Pools. |
list(object({
name = string
gateway_address = string
from = optional(string, "")
to = optional(string, "")
}))
| `[]` | no | +| [data\_plane\_policing\_policy](#input\_data\_plane\_policing\_policy) | Data Plane Policing Policy to apply to EPG. | `string` | `""` | no | ## Outputs @@ -175,6 +176,7 @@ module "aci_endpoint_group" { | [aci_rest_managed.fvRsCustQosPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fvRsDomAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fvRsDomAtt_vmm](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.fvRsDppPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fvRsIntraEpg](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fvRsNdPfxPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.fvRsNodeAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | diff --git a/modules/terraform-aci-endpoint-group/main.tf b/modules/terraform-aci-endpoint-group/main.tf index e98e7b60..f13896cf 100644 --- a/modules/terraform-aci-endpoint-group/main.tf +++ b/modules/terraform-aci-endpoint-group/main.tf @@ -50,6 +50,14 @@ resource "aci_rest_managed" "fvRsBd" { } } +resource "aci_rest_managed" "fvRsDppPol" { + dn = "${aci_rest_managed.fvAEPg.dn}/rsdppPol" + class_name = "fvRsDppPol" + content = { + tnQosDppPolName = var.data_plane_policing_policy + } +} + resource "aci_rest_managed" "fvRsCustQosPol" { count = var.custom_qos_policy != "" ? 1 : 0 dn = "${aci_rest_managed.fvAEPg.dn}/rscustQosPol" diff --git a/modules/terraform-aci-endpoint-group/variables.tf b/modules/terraform-aci-endpoint-group/variables.tf index 0ebdaec0..03d11588 100644 
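Review bot: `fvRsDppPol` in the endpoint-group `main.tf` hunk is created for every EPG, even when `data_plane_policing_policy` keeps its default `""`, whereas the neighbouring `fvRsCustQosPol` is guarded by `count = var.custom_qos_policy != "" ? 1 : 0`. Managing the relation unconditionally adds a new managed object to every existing EPG on upgrade. An apply would also presumably reset a policer attached to the EPG outside this module back to an empty target. I would add `count = var.data_plane_policing_policy != "" ? 1 : 0` to the resource. The same applies to `l3extRsEgressQosDppPol` and `l3extRsIngressQosDppPol` in the l3out-interface-profile `main.tf` hunk, each gated on its own variable.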
--- a/modules/terraform-aci-endpoint-group/variables.tf +++ b/modules/terraform-aci-endpoint-group/variables.tf @@ -675,3 +675,14 @@ variable "l4l7_address_pools" { error_message = "`name`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." } } + +variable "data_plane_policing_policy" { + type = string + description = "Data Plane Policing Policy to apply to EPG." + default = "" + + validation { + condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.data_plane_policing_policy)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} \ No newline at end of file diff --git a/modules/terraform-aci-l3out-interface-profile/README.md b/modules/terraform-aci-l3out-interface-profile/README.md index 07c5943c..4eae052b 100644 --- a/modules/terraform-aci-l3out-interface-profile/README.md +++ b/modules/terraform-aci-l3out-interface-profile/README.md @@ -124,6 +124,8 @@ module "aci_l3out_interface_profile" { | [sr\_mpls](#input\_sr\_mpls) | SR MPLS L3out flag. | `bool` | `false` | no | | [transport\_data\_plane](#input\_transport\_data\_plane) | Transport Data Plane. Allowed values: `sr_mpls`, `mpls`. Default value: `sr_mpls`. | `string` | `"sr_mpls"` | no | | [dhcp\_labels](#input\_dhcp\_labels) | List of DHCP labels |
list(object({
dhcp_relay_policy = string
dhcp_option_policy = optional(string)
scope = optional(string, "infra")
}))
| `[]` | no | +| [ingress\_data\_plane\_policing\_policy](#input\_ingress\_data\_plane\_policing\_policy) | Ingress Data Plane Policing policy name. | `string` | `""` | no | +| [egress\_data\_plane\_policing\_policy](#input\_egress\_data\_plane\_policing\_policy) | Egress Data Plane Policing policy name. | `string` | `""` | no | ## Outputs @@ -166,6 +168,8 @@ module "aci_l3out_interface_profile" { | [aci_rest_managed.l3extMember_A](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extMember_B](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extRsDynPathAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.l3extRsEgressQosDppPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.l3extRsIngressQosDppPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extRsLIfPCustQosPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extRsPathL3OutAtt](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | | [aci_rest_managed.l3extRsVSwitchEnhancedLagPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | diff --git a/modules/terraform-aci-l3out-interface-profile/main.tf b/modules/terraform-aci-l3out-interface-profile/main.tf index a3b5cb2c..eb362bb0 100644 --- a/modules/terraform-aci-l3out-interface-profile/main.tf +++ b/modules/terraform-aci-l3out-interface-profile/main.tf 
@@ -562,3 +562,19 @@ resource "aci_rest_managed" "dhcpRsDhcpOptionPol" { tnDhcpOptionPolName = each.value.dhcp_option_policy } } + +resource "aci_rest_managed" "l3extRsEgressQosDppPol" { + dn = "${aci_rest_managed.l3extLIfP.dn}/rsegressQosDppPol" + class_name = "l3extRsEgressQosDppPol" + content = { + tnQosDppPolName = var.egress_data_plane_policing_policy + } +} + +resource "aci_rest_managed" "l3extRsIngressQosDppPol" { + dn = "${aci_rest_managed.l3extLIfP.dn}/rsingressQosDppPol" + class_name = "l3extRsIngressQosDppPol" + content = { + tnQosDppPolName = var.ingress_data_plane_policing_policy + } +} \ No newline at end of file diff --git a/modules/terraform-aci-l3out-interface-profile/variables.tf b/modules/terraform-aci-l3out-interface-profile/variables.tf index df942cc4..df060980 100644 --- a/modules/terraform-aci-l3out-interface-profile/variables.tf +++ b/modules/terraform-aci-l3out-interface-profile/variables.tf @@ -479,4 +479,26 @@ variable "dhcp_labels" { ]) error_message = "`scope`: Allowed values: `tenant`, `infra`." } +} + +variable "ingress_data_plane_policing_policy" { + description = "Ingress Data Plane Policing policy name." + type = string + default = "" + + validation { + condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.ingress_data_plane_policing_policy)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} + +variable "egress_data_plane_policing_policy" { + description = "Egress Data Plane Policing policy name." + type = string + default = "" + + validation { + condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.egress_data_plane_policing_policy)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } } \ No newline at end of file