fix: use filtered subnet cidr blocks instead of the VPC cidr (#83)

* fix: use filtered subnet cidr bloccks for `accepter_cidr_block_associations` instead of the VPC cidr

* fix: add provider to aws_subnet accepter data source

* fix: access to accepter cidr block

* fix: run terraform fmt

* use filtered subnet cidr blocks for requester_cidr_block_associations instead of the VPC cidr

* Revert "use filtered subnet cidr blocks for requester_cidr_block_associations instead of the VPC cidr"

This reverts commit ca3eca7.

* fix ipv6

* add compact to fix empty sets

* Reapply "use filtered subnet cidr blocks for requester_cidr_block_associations instead of the VPC cidr"

This reverts commit 47201a5.

* add compact to fix empty sets

* fix filters

* fix filters

* add try when getting accepter subnet ids

Co-authored-by: Igor Rodionov  <[email protected]>

---------

Co-authored-by: Igor Rodionov <[email protected]>

accepter.tf

@@ -58,11 +58,19 @@ data "aws_subnets" "accepter" {
   tags = var.accepter_subnet_tags
 }
 
+data "aws_subnet" "accepter" {
+  for_each = toset(flatten(data.aws_subnets.accepter[*].ids))
+  provider = aws.accepter
+  id       = each.value
+}
+
 locals {
-  accepter_subnet_ids = local.accepter_enabled ? data.aws_subnets.accepter[0].ids : []
-  accepter_vpc_id     = join("", data.aws_vpc.accepter[*].id)
-  accepter_account_id = join("", data.aws_caller_identity.accepter[*].account_id)
-  accepter_region     = join("", data.aws_region.accepter[*].name)
+  accepter_subnet_ids       = local.accepter_enabled ? try(data.aws_subnets.accepter[0].ids, []) : []
+  accepter_cidr_blocks      = length(var.accepter_subnet_tags) > 0 ? compact([for s in data.aws_subnet.accepter : s.cidr_block]) : flatten(data.aws_vpc.accepter[*].cidr_block_associations[*].cidr_block)
+  accepter_ipv6_cidr_blocks = length(var.accepter_subnet_tags) > 0 ? compact([for s in data.aws_subnet.accepter : s.ipv6_cidr_block]) : compact([for vpc_temp in data.aws_vpc.accepter : vpc_temp.ipv6_cidr_block])
+  accepter_vpc_id           = join("", data.aws_vpc.accepter[*].id)
+  accepter_account_id       = join("", data.aws_caller_identity.accepter[*].account_id)
+  accepter_region           = join("", data.aws_region.accepter[*].name)
 }
 
 data "aws_route_tables" "accepter" {
@@ -87,17 +95,13 @@ data "aws_route_tables" "default_rts" {
 }
 
 locals {
-  accepter_aws_default_rt_id             = join("", flatten(data.aws_route_tables.default_rts[*].ids))
-  accepter_aws_rt_map                    = { for s in local.accepter_subnet_ids : s => try(data.aws_route_tables.accepter[s].ids[0], local.accepter_aws_default_rt_id) }
-  accepter_aws_route_table_ids           = distinct(sort(values(local.accepter_aws_rt_map)))
-  accepter_aws_route_table_ids_count     = length(local.accepter_aws_route_table_ids)
-  accepter_cidr_block_associations       = flatten(data.aws_vpc.accepter[*].cidr_block_associations)
-  accepter_cidr_block_associations_count = length(local.accepter_cidr_block_associations)
-  accepter_ipv6_cidr_block_associations = flatten(length(data.aws_vpc.accepter[*].ipv6_cidr_block) > 0 ? [
-    for vpc_temp in data.aws_vpc.accepter : {
-      cidr_block = vpc_temp.ipv6_cidr_block
-    }
-  ] : [])
+  accepter_aws_default_rt_id                  = join("", flatten(data.aws_route_tables.default_rts[*].ids))
+  accepter_aws_rt_map                         = { for s in local.accepter_subnet_ids : s => try(data.aws_route_tables.accepter[s].ids[0], local.accepter_aws_default_rt_id) }
+  accepter_aws_route_table_ids                = distinct(sort(values(local.accepter_aws_rt_map)))
+  accepter_aws_route_table_ids_count          = length(local.accepter_aws_route_table_ids)
+  accepter_cidr_block_associations            = local.accepter_cidr_blocks
+  accepter_cidr_block_associations_count      = length(local.accepter_cidr_block_associations)
+  accepter_ipv6_cidr_block_associations       = local.accepter_ipv6_cidr_blocks
   accepter_ipv6_cidr_block_associations_count = length(local.accepter_ipv6_cidr_block_associations)
 }
 
@@ -106,7 +110,7 @@ resource "aws_route" "accepter" {
   count                     = local.enabled ? local.accepter_aws_route_table_ids_count * local.requester_cidr_block_associations_count : 0
   provider                  = aws.accepter
   route_table_id            = local.accepter_aws_route_table_ids[floor(count.index / local.requester_cidr_block_associations_count)]
-  destination_cidr_block    = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]["cidr_block"]
+  destination_cidr_block    = local.requester_cidr_block_associations[count.index % local.requester_cidr_block_associations_count]
   vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester[*].id)
   depends_on = [
     data.aws_route_tables.accepter,
@@ -125,7 +129,7 @@ resource "aws_route" "accepter_ipv6" {
   count                       = local.enabled ? local.accepter_aws_route_table_ids_count * local.requester_ipv6_cidr_block_associations_count : 0
   provider                    = aws.accepter
   route_table_id              = local.accepter_aws_route_table_ids[floor(count.index / local.requester_ipv6_cidr_block_associations_count)]
-  destination_ipv6_cidr_block = local.requester_ipv6_cidr_block_associations[count.index % local.requester_ipv6_cidr_block_associations_count]["cidr_block"]
+  destination_ipv6_cidr_block = local.requester_ipv6_cidr_block_associations[count.index % local.requester_ipv6_cidr_block_associations_count]
   vpc_peering_connection_id   = join("", aws_vpc_peering_connection.requester[*].id)
   depends_on = [
     data.aws_route_tables.accepter,

requester.tf

@@ -114,8 +114,16 @@ data "aws_subnets" "requester" {
   tags = var.requester_subnet_tags
 }
 
+data "aws_subnet" "requester" {
+  for_each = toset(flatten(data.aws_subnets.requester[*].ids))
+  provider = aws.requester
+  id       = each.value
+}
+
 locals {
   requester_subnet_ids       = try(distinct(sort(flatten(data.aws_subnets.requester[*].ids))), [])
+  requester_cidr_blocks      = length(var.requester_subnet_tags) > 0 ? compact([for s in data.aws_subnet.requester : s.cidr_block]) : flatten(data.aws_vpc.requester[*].cidr_block_associations[*].cidr_block)
+  requester_ipv6_cidr_blocks = length(var.requester_subnet_tags) > 0 ? compact([for s in data.aws_subnet.requester : s.ipv6_cidr_block]) : compact([for vpc_temp in data.aws_vpc.requester : vpc_temp.ipv6_cidr_block])
   requester_subnet_ids_count = length(local.requester_subnet_ids)
   requester_vpc_id           = join("", data.aws_vpc.requester[*].id)
 }
@@ -160,15 +168,11 @@ resource "aws_vpc_peering_connection_options" "requester" {
 }
 
 locals {
-  requester_aws_route_table_ids           = try(distinct(sort(data.aws_route_table.requester[*].route_table_id)), [])
-  requester_aws_route_table_ids_count     = length(local.requester_aws_route_table_ids)
-  requester_cidr_block_associations       = flatten(data.aws_vpc.requester[*].cidr_block_associations)
-  requester_cidr_block_associations_count = length(local.requester_cidr_block_associations)
-  requester_ipv6_cidr_block_associations = flatten(length(data.aws_vpc.requester[*].ipv6_cidr_block) > 0 ? [
-    for vpc_temp in data.aws_vpc.requester : {
-      cidr_block = vpc_temp.ipv6_cidr_block
-    }
-  ] : [])
+  requester_aws_route_table_ids                = try(distinct(sort(data.aws_route_table.requester[*].route_table_id)), [])
+  requester_aws_route_table_ids_count          = length(local.requester_aws_route_table_ids)
+  requester_cidr_block_associations            = local.requester_cidr_blocks
+  requester_cidr_block_associations_count      = length(local.requester_cidr_block_associations)
+  requester_ipv6_cidr_block_associations       = local.requester_ipv6_cidr_blocks
   requester_ipv6_cidr_block_associations_count = length(local.requester_ipv6_cidr_block_associations)
 }
 
@@ -177,7 +181,7 @@ resource "aws_route" "requester" {
   count                     = local.enabled ? local.requester_aws_route_table_ids_count * local.accepter_cidr_block_associations_count : 0
   provider                  = aws.requester
   route_table_id            = local.requester_aws_route_table_ids[floor(count.index / local.accepter_cidr_block_associations_count)]
-  destination_cidr_block    = local.accepter_cidr_block_associations[count.index % local.accepter_cidr_block_associations_count]["cidr_block"]
+  destination_cidr_block    = local.accepter_cidr_block_associations[count.index % local.accepter_cidr_block_associations_count]
   vpc_peering_connection_id = join("", aws_vpc_peering_connection.requester[*].id)
   depends_on = [
     data.aws_route_table.requester,
@@ -196,7 +200,7 @@ resource "aws_route" "requester_ipv6" {
   count                       = local.enabled ? local.requester_aws_route_table_ids_count * local.accepter_ipv6_cidr_block_associations_count : 0
   provider                    = aws.requester
   route_table_id              = local.requester_aws_route_table_ids[floor(count.index / local.accepter_ipv6_cidr_block_associations_count)]
-  destination_ipv6_cidr_block = local.accepter_ipv6_cidr_block_associations[count.index % local.accepter_ipv6_cidr_block_associations_count]["cidr_block"]
+  destination_ipv6_cidr_block = local.accepter_ipv6_cidr_block_associations[count.index % local.accepter_ipv6_cidr_block_associations_count]
   vpc_peering_connection_id   = join("", aws_vpc_peering_connection.requester[*].id)
   depends_on = [
     data.aws_route_table.requester,