feat: Added the ability to allow IP spoofing on the primary network interface by expsoing new boolean inout allow_ip_spoof for all VSI related modules / DAs (#1000)

Author: kierramarie

README.md

@@ -295,6 +295,9 @@
             {
               "key": "use_legacy_network_interface"
             },
+            {
+              "key": "allow_ip_spoofing"
+            },
             {
               "key": "add_edge_vpc",
               "hidden": true
@@ -717,6 +720,9 @@
             },
             {
               "key": "use_legacy_network_interface"
+            },
+            {
+              "key": "allow_ip_spoofing"
             }
           ],
           "iam_permissions": [

ibm_catalog.json

@@ -68,4 +68,5 @@ module "vsi" {
   placement_group_id              = var.placement_group_id
   primary_vni_additional_ip_count = var.primary_vni_additional_ip_count
   use_legacy_network_interface    = var.use_legacy_network_interface
+  allow_ip_spoofing               = var.allow_ip_spoofing
 }

patterns/vsi-extension/main.tf

@@ -209,3 +209,9 @@ variable "use_legacy_network_interface" {
   type        = bool
   default     = false
 }
+
+variable "allow_ip_spoofing" {
+  description = "Allow IP spoofing on the primary network interface"
+  type        = bool
+  default     = false
+}

patterns/vsi-extension/variables.tf

@@ -89,6 +89,7 @@ module "vsi_landing_zone" {
   existing_vpc_cbr_zone_id               = var.existing_vpc_cbr_zone_id
   user_data                              = var.user_data
   use_legacy_network_interface           = var.use_legacy_network_interface
+  allow_ip_spoofing                      = var.allow_ip_spoofing
 }
 
 moved {

patterns/vsi/main.tf

@@ -86,6 +86,7 @@ locals {
         boot_volume_encryption_key_name = "${var.prefix}-vsi-volume-key"
         user_data                       = lookup(var.user_data, network, null) != null ? var.user_data[network].user_data : null
         use_legacy_network_interface    = var.use_legacy_network_interface
+        allow_ip_spoofing               = var.allow_ip_spoofing
         security_group = {
           name     = "${var.prefix}-${network}"
           vpc_name = var.vpcs[0]

patterns/vsi/module/config.tf

@@ -160,6 +160,12 @@ variable "use_legacy_network_interface" {
   default     = false
 }
 
+variable "allow_ip_spoofing" {
+  description = "Allow IP spoofing on the primary network interface"
+  type        = bool
+  default     = false
+}
+
 ##############################################################################
 
 

patterns/vsi/module/variables.tf

@@ -423,7 +423,8 @@
                 "vsi-zone-3"
             ],
             "vpc_name": "management",
-            "vsi_per_subnet": 1
+            "vsi_per_subnet": 1,
+            "allow_ip_spoofing": false
         },
         {
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",

patterns/vsi/override.json

@@ -160,6 +160,12 @@ variable "use_legacy_network_interface" {
   default     = false
 }
 
+variable "allow_ip_spoofing" {
+  description = "Allow IP spoofing on the primary network interface"
+  type        = bool
+  default     = false
+}
+
 ##############################################################################
 
 

patterns/vsi/variables.tf

@@ -317,6 +317,7 @@ variable "vsi" {
       user_data                       = optional(string)
       resource_group                  = optional(string)
       enable_floating_ip              = optional(bool)
+      allow_ip_spoofing               = optional(bool)
       security_groups                 = optional(list(string))
       boot_volume_encryption_key_name = optional(string)
       primary_vni_additional_ip_count = optional(number)