feat: add support for reserved ips as pool members

README.md

@@ -125,8 +125,8 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the private path service created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details. | `list(string)` | `[]` | no |
-| <a name="input_nlb_backend_pools"></a> [nlb\_backend\_pools](#input\_nlb\_backend\_pools) | A list describing backend pools for the private path network load balancer. | <pre>list(object({<br/>    pool_name                                = string<br/>    pool_algorithm                           = optional(string, "round_robin")<br/>    pool_health_delay                        = optional(number, 5)<br/>    pool_health_retries                      = optional(number, 2)<br/>    pool_health_timeout                      = optional(number, 2)<br/>    pool_health_type                         = optional(string, "tcp")<br/>    pool_health_monitor_url                  = optional(string, "/")<br/>    pool_health_monitor_port                 = optional(number, 80)<br/>    pool_member_port                         = optional(number)<br/>    pool_member_instance_ids                 = optional(list(string), [])<br/>    pool_member_application_load_balancer_id = optional(string)<br/>    listener_port                            = optional(number)<br/>    listener_accept_proxy_protocol           = optional(bool, false)<br/>  }))</pre> | `[]` | no |
-| <a name="input_nlb_name"></a> [nlb\_name](#input\_nlb\_name) | The name of the private path netwrok load balancer. | `string` | `"pp-nlb"` | no |
+| <a name="input_nlb_backend_pools"></a> [nlb\_backend\_pools](#input\_nlb\_backend\_pools) | A list describing backend pools for the private path network load balancer. | <pre>list(object({<br/>    pool_name                                = string<br/>    pool_algorithm                           = optional(string, "round_robin")<br/>    pool_health_delay                        = optional(number, 5)<br/>    pool_health_retries                      = optional(number, 2)<br/>    pool_health_timeout                      = optional(number, 2)<br/>    pool_health_type                         = optional(string, "tcp")<br/>    pool_health_monitor_url                  = optional(string, "/")<br/>    pool_health_monitor_port                 = optional(number, 80)<br/>    pool_member_port                         = optional(number)<br/>    pool_member_instance_ids                 = optional(list(string), [])<br/>    pool_member_reserved_ip_ids              = optional(list(string), [])<br/>    pool_member_application_load_balancer_id = optional(string)<br/>    listener_port                            = optional(number)<br/>    listener_accept_proxy_protocol           = optional(bool, false)<br/>  }))</pre> | `[]` | no |
+| <a name="input_nlb_name"></a> [nlb\_name](#input\_nlb\_name) | The name of the private path network load balancer. | `string` | `"pp-nlb"` | no |
 | <a name="input_private_path_account_policies"></a> [private\_path\_account\_policies](#input\_private\_path\_account\_policies) | The account-specific connection request policies. | <pre>list(object({<br/>    account       = string<br/>    access_policy = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_private_path_default_access_policy"></a> [private\_path\_default\_access\_policy](#input\_private\_path\_default\_access\_policy) | The policy to use for bindings from accounts without an explicit account policy. The default policy is set to Review all requests. Supported options are `permit`, `deny`, or `review`. | `string` | `"review"` | no |
 | <a name="input_private_path_name"></a> [private\_path\_name](#input\_private\_path\_name) | The name of the Private Path service for VPC. | `string` | n/a | yes |

examples/advanced/main.tf

@@ -69,6 +69,18 @@ resource "ibm_is_instance" "vsi" {
   user_data = file("./userdata.sh")
 }
 
+resource "ibm_is_subnet_reserved_ip" "vsi_ip" {
+  name        = "${var.prefix}-ip"
+  subnet      = ibm_is_subnet.provider_subnet.id
+  auto_delete = false
+}
+
+resource "ibm_is_subnet_reserved_ip" "vsi_ip2" {
+  name        = "${var.prefix}-ip2"
+  subnet      = ibm_is_subnet.provider_subnet.id
+  auto_delete = false
+}
+
 module "private_path" {
   source                             = "../.."
   resource_group_id                  = module.resource_group.resource_group_id
@@ -80,14 +92,15 @@ module "private_path" {
 
   nlb_backend_pools = [
     {
-      pool_name                = "backend-1"
-      pool_member_instance_ids = [for vsi in ibm_is_instance.vsi : vsi.id]
-      pool_member_port         = 80
-      pool_health_delay        = 60
-      pool_health_retries      = 5
-      pool_health_timeout      = 30
-      pool_health_type         = "http"
-      listener_port            = 80
+      pool_name                   = "backend-1"
+      pool_member_instance_ids    = [for vsi in ibm_is_instance.vsi : vsi.id]
+      pool_member_reserved_ip_ids = [ibm_is_subnet_reserved_ip.vsi_ip2.reserved_ip]
+      pool_member_port            = 80
+      pool_health_delay           = 60
+      pool_health_retries         = 5
+      pool_health_timeout         = 30
+      pool_health_type            = "http"
+      listener_port               = 80
     },
     {
       pool_name                                = "backend-2"
@@ -98,6 +111,16 @@ module "private_path" {
       pool_health_timeout                      = 30
       pool_health_type                         = "http"
       listener_port                            = 81
+    },
+    {
+      pool_name                   = "backend-3"
+      pool_member_reserved_ip_ids = [ibm_is_subnet_reserved_ip.vsi_ip.reserved_ip]
+      pool_member_port            = 80
+      pool_health_delay           = 60
+      pool_health_retries         = 5
+      pool_health_timeout         = 30
+      pool_health_type            = "http"
+      listener_port               = 82
     }
   ]
 }

main.tf

@@ -54,11 +54,20 @@ locals {
         "${pool.pool_name}-${count}" => merge(pool, { pool_id = ibm_is_lb_pool.pool[pool.pool_name].id }, { target_id = id })
       } if length(pool.pool_member_instance_ids) > 0
     ],
-    [{
+    [
       for pool in var.nlb_backend_pools :
-      pool.pool_name => merge(pool, { pool_id = ibm_is_lb_pool.pool[pool.pool_name].id }, { target_id = pool.pool_member_application_load_balancer_id })
-      if length(pool.pool_member_instance_ids) == 0
-    }]
+      {
+        for count, id in pool.pool_member_reserved_ip_ids :
+        "${pool.pool_name}-ips-${count}" => merge(pool, { pool_id = ibm_is_lb_pool.pool[pool.pool_name].id }, { target_id = id })
+      } if length(pool.pool_member_reserved_ip_ids) > 0
+    ],
+    [
+      {
+        for pool in var.nlb_backend_pools :
+        pool.pool_name => merge(pool, { pool_id = ibm_is_lb_pool.pool[pool.pool_name].id }, { target_id = pool.pool_member_application_load_balancer_id })
+        if length(pool.pool_member_instance_ids) == 0 && length(pool.pool_member_reserved_ip_ids) == 0
+      }
+    ]
   ))...)
 }
 

solutions/fully-configurable/DA_inputs.md

@@ -23,7 +23,7 @@ The `private_path_account_policies` input variable allows you to provide a list
 ```hcl
 [
   {
-    account        = "gtf640basntrds7fc2b1p6thah78g36h"
+    account        = "gtf640basntrds7fc2b1p6than78g36h"
     access_policy  = "review"
   },
   {
@@ -48,6 +48,7 @@ The `network_loadbalancer_backend_pools` input variable allows you to provide of
   - `pool_health_monitor_url` (optional): This URL is used to send health check requests to the instances in the pool. By default, this is the root path `/`.
   - `pool_health_monitor_port` (optional): (number) The port on which the load balancer sends health check requests. By default, health checks are sent on the same port where traffic is sent to the instance.
   - `pool_member_port` (optional): The port number of the application running in the server member.
+  - `pool_member_reserved_ip_ids`(optional): (List) List of Reserved IPs IDs which will attached as members to the backend pool.
   - `pool_member_instance_ids` (optional): (List) List of virtual server instances which will attached as members to the backend pool.
   - `pool_member_application_load_balancer_id` (optional): ID of the Application loadbalancer to attach as a member of the backend pool. You can have only 1 Application loadbalancer in a backend pool.
   - `listener_accept_proxy_protocol` (optional): (bool) If set to true, listener forwards proxy protocol information that are supported by load balancers in the application family. Default value is false.

solutions/fully-configurable/variables.tf

@@ -87,7 +87,7 @@ variable "existing_subnet_id" {
 
 variable "network_loadbalancer_name" {
   type        = string
-  description = "The name of the private path netwrok load balancer."
+  description = "The name of the private path network load balancer."
   default     = "pp-nlb"
 }
 
@@ -103,6 +103,7 @@ variable "network_loadbalancer_backend_pools" {
     pool_health_monitor_port                 = optional(number, 80)
     pool_member_port                         = optional(number)
     pool_member_instance_ids                 = optional(list(string), [])
+    pool_member_reserved_ip_ids              = optional(list(string), [])
     pool_member_application_load_balancer_id = optional(string)
     listener_port                            = optional(number)
     listener_accept_proxy_protocol           = optional(bool, false)

variables.tf

@@ -40,7 +40,7 @@ variable "subnet_id" {
 
 variable "nlb_name" {
   type        = string
-  description = "The name of the private path netwrok load balancer."
+  description = "The name of the private path network load balancer."
   default     = "pp-nlb"
 }
 
@@ -56,6 +56,7 @@ variable "nlb_backend_pools" {
     pool_health_monitor_port                 = optional(number, 80)
     pool_member_port                         = optional(number)
     pool_member_instance_ids                 = optional(list(string), [])
+    pool_member_reserved_ip_ids              = optional(list(string), [])
     pool_member_application_load_balancer_id = optional(string)
     listener_port                            = optional(number)
     listener_accept_proxy_protocol           = optional(bool, false)
@@ -92,6 +93,11 @@ variable "nlb_backend_pools" {
     condition     = length([for backend in var.nlb_backend_pools : backend]) <= 10
     error_message = "You cannot define more than 10 backend pools."
   }
+
+  validation {
+    condition     = alltrue([for backend in var.nlb_backend_pools : backend.pool_member_application_load_balancer_id != null && (length(backend.pool_member_reserved_ip_ids) > 0 || length(backend.pool_member_instance_ids) > 0) ? false : true])
+    error_message = "When an Application Load Balancer is added as a backend pool member, no other types of resources can be attached to the pool."
+  }
 }
 
 ##############################################################################