Fix nat_gateway_id network_interface_id variable defaults conflict

.editorconfig

@@ -0,0 +1,25 @@
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+# Override for Makefile
+[{Makefile, makefile, GNUmakefile, Makefile.*}]
+tab_width = 2
+indent_style = tab
+indent_size = 4
+
+[COMMIT_EDITMSG]
+max_line_length = 0

.github/CODEOWNERS

@@ -15,8 +15,8 @@
 
 # Cloud Posse must review any changes to standard context definition,
 # but some changes can be rubber-stamped.
-**/*.tf       @cloudposse/engineering @cloudposse/approvers
-README.yaml   @cloudposse/engineering @cloudposse/approvers
+**/*.tf       @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+README.yaml   @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 README.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 docs/*.md     @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
 

.github/auto-release.yml

@@ -46,7 +46,7 @@ template: |
 
 replacers:
 # Remove irrelevant information from Renovate bot
-- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/---\s+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
   replace: ''
 # Remove Renovate bot banner image
 - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'

.github/mergify.yml

@@ -56,3 +56,10 @@ pull_request_rules:
       changes_requested: true
       approved: true
       message: "This Pull Request has been updated, so we're dismissing all reviews."
+
+- name: "close Pull Requests without files changed"
+  conditions:
+    - "#files=0"
+  actions:
+    close:
+      message: "This pull request has been automatically closed by Mergify because there are no longer any changes."

.github/workflows/auto-format.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   auto-format:
     runs-on: ubuntu-latest
-    container: cloudposse/build-harness:slim-latest
+    container: cloudposse/build-harness:latest
     steps:
     # Checkout the pull request branch
     #  "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
@@ -29,6 +29,8 @@ jobs:
     - name: Auto Format
       if: github.event.pull_request.state == 'open'
       shell: bash
+      env:
+        GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
       run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
 
     # Commit changes (if any) to the PR branch

.github/workflows/auto-release.yml

@@ -3,17 +3,25 @@ name: auto-release
 on:
   push:
     branches:
-    - master
+      - main
+      - master
+      - production
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-    # Drafts your next Release notes as Pull Requests are merged into "master"
-    - uses: release-drafter/release-drafter@v5
-      with:
-        publish: true
-        prerelease: false
-        config-name: auto-release.yml
-      env:
-        GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+      # Get PR from merged commit to master
+      - uses: actions-ecosystem/action-get-merged-pull-request@v1
+        id: get-merged-pull-request
+        with:
+          github_token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+      # Drafts your next Release notes as Pull Requests are merged into "main"
+      - uses: release-drafter/release-drafter@v5
+        if: "!contains(steps.get-merged-pull-request.outputs.labels, 'no-release')"
+        with:
+          publish: true
+          prerelease: false
+          config-name: auto-release.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}

.github/workflows/validate-codeowners.yml

@@ -1,5 +1,7 @@
 name: Validate Codeowners
 on:
+  workflow_dispatch:
+
   pull_request:
 
 jobs:

examples/complete/fixtures.us-east-2.tfvars

@@ -15,5 +15,3 @@ subnet_names = ["subnet1", "subnet2"]
 max_subnets = 2
 
 type = "public"
-
-nat_enabled = false

examples/complete/main.tf

@@ -11,6 +11,7 @@ module "vpc" {
   context = module.this.context
 }
 
+# Verify we can make a public subnet with NAT for private subnet
 module "subnets" {
   source = "../../"
 
@@ -19,9 +20,26 @@ module "subnets" {
   availability_zone = var.availability_zone
   vpc_id            = module.vpc.vpc_id
   igw_id            = module.vpc.igw_id
-  cidr_block        = module.vpc.vpc_cidr_block
+  cidr_block        = "172.16.128.0/17"
   subnet_names      = var.subnet_names
   max_subnets       = var.max_subnets
-  nat_enabled       = var.nat_enabled
-  type              = var.type
+  nat_enabled       = true
+  type              = "public"
+}
+
+# Verify we can make private subnets connected to the public subnet
+module "subnets_private" {
+  source = "../../"
+
+  context = module.this.context
+
+  availability_zone = var.availability_zone
+  vpc_id            = module.vpc.vpc_id
+  igw_id            = module.vpc.igw_id
+  cidr_block        = "172.16.0.0/17"
+  subnet_names      = ["private1"]
+  max_subnets       = var.max_subnets
+  nat_enabled       = false
+  type              = "private"
+  ngw_id            = module.subnets.ngw_id
 }

examples/complete/variables.tf

@@ -17,7 +17,3 @@ variable "max_subnets" {
 variable "type" {
   type = string
 }
-
-variable "nat_enabled" {
-  type = bool
-}

private.tf

@@ -41,8 +41,8 @@ resource "aws_route_table" "private" {
 resource "aws_route" "private" {
   count                  = local.private_count
   route_table_id         = aws_route_table.private.*.id[count.index]
-  network_interface_id   = var.eni_id
-  nat_gateway_id         = var.ngw_id
+  network_interface_id   = var.eni_id == "" ? null : var.eni_id
+  nat_gateway_id         = var.ngw_id == "" ? null : var.ngw_id
   destination_cidr_block = "0.0.0.0/0"
 }
 

public.tf

@@ -42,7 +42,7 @@ resource "aws_route_table" "public" {
 resource "aws_route" "public" {
   count                  = local.public_count
   route_table_id         = aws_route_table.public.*.id[count.index]
-  gateway_id             = var.igw_id
+  gateway_id             = var.igw_id == "" ? null : var.igw_id
   destination_cidr_block = "0.0.0.0/0"
 }
 

variables.tf

@@ -32,13 +32,13 @@ variable "cidr_block" {
 
 variable "igw_id" {
   type        = string
-  description = "Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`). Conflicts with `ngw_id`"
+  description = "Internet Gateway ID which will be used as a default route in public route tables (e.g. `igw-9c26a123`)."
   default     = ""
 }
 
 variable "ngw_id" {
   type        = string
-  description = "NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `igw_id`"
+  description = "NAT Gateway ID which will be used as a default route in private route tables (e.g. `igw-9c26a123`). Conflicts with `eni_id`."
   default     = ""
 }
 
@@ -159,7 +159,7 @@ variable "nat_enabled" {
 variable "eni_id" {
   type        = string
   default     = ""
-  description = "An ID of a network interface which is used as a default route in private route tables (_e.g._ `eni-9c26a123`)"
+  description = "An ID of a network interface which is used as a default route in private route tables (_e.g._ `eni-9c26a123`).  Conflicts with `ngw_id`."
 }
 
 variable "map_public_ip_on_launch_enabled" {