From af199e9dba32073e4933544c84c7466c0d7f244d Mon Sep 17 00:00:00 2001
From: Zack Annexstein <zannexstein@gmail.com>
Date: Wed, 6 Mar 2024 14:25:22 -0800
Subject: [PATCH 1/2] ci: Update git-xargs-test branch from
 delivery-github-repo-management

---
 .env                                          |  2 +-
 .github/ISSUE_TEMPLATE/general_issue.md       | 48 ++++++++++++++++++
 .github/workflows/pr-merge-group.yml          | 25 ++++++++++
 .github/workflows/pre-commit.yml              | 20 ++++++++
 .../pull-request-opened-by-renovate.yml       | 40 +++++++++++++++
 .github/workflows/release-please.yml          | 19 +++++++
 .github/workflows/repo-config.yml             | 19 +++++++
 .github/workflows/slash-command-dispatch.yml  | 50 +++++++++++++++++++
 .github/workflows/test-command.yml            | 38 ++++++++++++++
 .github/workflows/update-command.yml          | 22 ++++++++
 .gitignore                                    | 34 +++++++++----
 .pre-commit-config.yaml                       |  4 +-
 README.md                                     | 11 +++-
 examples/complete/README.md                   | 50 +++++++++++++++++++
 modules/subnet_route/README.md                | 42 ++++++++++++++++
 modules/transit_gateway_route/README.md       | 37 ++++++++++++++
 outputs.tf                                    |  1 -
 release-please-config.json                    |  3 +-
 18 files changed, 449 insertions(+), 16 deletions(-)
 create mode 100644 .github/ISSUE_TEMPLATE/general_issue.md
 create mode 100644 .github/workflows/pr-merge-group.yml
 create mode 100644 .github/workflows/pre-commit.yml
 create mode 100644 .github/workflows/pull-request-opened-by-renovate.yml
 create mode 100644 .github/workflows/release-please.yml
 create mode 100644 .github/workflows/repo-config.yml
 create mode 100644 .github/workflows/slash-command-dispatch.yml
 create mode 100644 .github/workflows/test-command.yml
 create mode 100644 .github/workflows/update-command.yml
 create mode 100644 examples/complete/README.md
 create mode 100644 modules/subnet_route/README.md
 create mode 100644 modules/transit_gateway_route/README.md

diff --git a/.env b/.env
index 5b4178d..0fd5172 100644
--- a/.env
+++ b/.env
@@ -1,3 +1,3 @@
 BUILD_HARNESS_REPO=ghcr.io/defenseunicorns/build-harness/build-harness
 # renovate: datasource=github-tags depName=defenseunicorns/build-harness
-BUILD_HARNESS_VERSION=2.0.3
+BUILD_HARNESS_VERSION=2.0.4
diff --git a/.github/ISSUE_TEMPLATE/general_issue.md b/.github/ISSUE_TEMPLATE/general_issue.md
new file mode 100644
index 0000000..d089988
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/general_issue.md
@@ -0,0 +1,48 @@
+---
+name: General Issue
+about: Suggest a new feature, report a bug, or just ask a question
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!-- Thank you for submitting an issue! Please answer the following questions. This template is intended to guide the issue author toward meeting our [Definition of Ready](https://github.com/defenseunicorns/delivery-aws-iac/blob/main/CONTRIBUTING.md#definition-of-ready-for-a-backlog-item). You don't have to use this exact format if you don't want to, but whatever you submit must meet the DoR or the issue may be closed, and you will be asked to resubmit. -->
+
+### Persona
+
+<!-- Who is submitting this request? Please describe how you use this repo. -->
+
+
+
+### Description
+
+<!-- What **outcome** is being requested? Note: An outcome is a description of the behavior desired rather than an imperative. For example, "I want to be able to create a new user" is an outcome, while "Create new users using this specific javascript library" is an imperative. -->
+
+
+
+### Use Case
+
+<!-- Why is this needed? Is this request related to a problem? Please describe. -->
+
+
+
+### Impact
+
+<!-- What will happen if this request is not fulfilled? -->
+
+
+
+### Completion
+
+<!-- What does being "done" look like?
+Note: Some "givens" of done criteria that don't need to be included in the answer:
+> * The change has been peer reviewed
+> * Automated tests have been written and/or updated, and are passing
+> * Documentation has been written and/or updated -->
+
+
+
+### Additional Context
+
+<!-- Any additional information / visual aids that might be helpful in understanding the request? -->
diff --git a/.github/workflows/pr-merge-group.yml b/.github/workflows/pr-merge-group.yml
new file mode 100644
index 0000000..e6d8b0e
--- /dev/null
+++ b/.github/workflows/pr-merge-group.yml
@@ -0,0 +1,25 @@
+# triggers on merge_group and pull_request events
+# only use this if merge queue is enabled, otherwise stick to test-command for e2e testing
+
+name: pr-merge-group
+on:
+  merge_group:
+    types: [checks_requested]
+  pull_request:
+
+defaults:
+  run:
+    shell: bash -eo pipefail {0}
+
+permissions:
+  id-token: write # needed for oidc auth for AWS creds
+  contents: read
+
+jobs:
+  pr-merge-group-test:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/pr-merge-group-test.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
+      AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+      AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000..419689a
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,20 @@
+# If the workflow trigger is "pull_request", run pre-commit checks.
+name: pre-commit
+
+on:
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: read
+
+jobs:
+  pre-commit:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/pre-commit.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
diff --git a/.github/workflows/pull-request-opened-by-renovate.yml b/.github/workflows/pull-request-opened-by-renovate.yml
new file mode 100644
index 0000000..24f35bb
--- /dev/null
+++ b/.github/workflows/pull-request-opened-by-renovate.yml
@@ -0,0 +1,40 @@
+# If Renovate is not the author of the PR that triggers this workflow, it will do nothing.
+# If Renovate is the author of the PR that triggers this workflow, but the workflow event is anything but "opened", it will do nothing.
+# If Renovate is the author of the PR that triggers this workflow, and the workflow event is "opened", it will:
+#   1. Autoformat using pre-commit and, if necessary, push an additional commit to the PR with the autoformat fixes.
+#   2. Change the branch protection rules to turn off require codeowner approval due to github apps not being able to be codeowners or added to teams.
+#   3. narwhal-bot approves the PR.
+#   4. narwhal-bot merges the PR.
+#   5. PR is added to merge queue.
+#   6. tests are ran.
+#     a. If tests pass, PR is merged.
+#       i. If PR is merged, it is closed and branch is deleted.
+#     b. If tests fail, PR stays open and it is removed from merge queue.
+#   7. Branch protection is always set back to the original state.
+#
+# See ADR #0008.
+name: auto-test
+on:
+  pull_request:
+    # WARNING: DO NOT ADD MORE EVENT TYPES HERE! Because this workflow will push a new commit to the PR in the Autoformat step, adding more event types may cause an infinite loop.
+    types:
+      - opened
+
+permissions:
+  id-token: write
+  contents: write
+
+defaults:
+  run:
+    # We need -e -o pipefail for consistency with GitHub Actions' default behavior
+    shell: bash -e -o pipefail {0}
+
+jobs:
+  renovate-test:
+    if: github.event.client_payload.github.actor == 'renovate[bot]' || github.actor == 'renovate[bot]'
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/renovate-test.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
+      AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+      AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }}
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
new file mode 100644
index 0000000..ec4959d
--- /dev/null
+++ b/.github/workflows/release-please.yml
@@ -0,0 +1,19 @@
+# On every push to main, run release-please to automatically handle the release process.
+
+name: release-please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/release-please.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
diff --git a/.github/workflows/repo-config.yml b/.github/workflows/repo-config.yml
new file mode 100644
index 0000000..5f5712d
--- /dev/null
+++ b/.github/workflows/repo-config.yml
@@ -0,0 +1,19 @@
+name: repo-config
+
+on:
+  schedule:
+    # daily at 11:00 UTC
+    - cron: '0 11 * * *'
+
+jobs:
+  repo-config:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/repo-config.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
+    with:
+      branch: main
+      checks: |-
+        checks:
+          - context: 'e2e-tests'
+          - context: 'pre-commit-checks'
diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml
new file mode 100644
index 0000000..80d5e61
--- /dev/null
+++ b/.github/workflows/slash-command-dispatch.yml
@@ -0,0 +1,50 @@
+# When someone with write access to the repo adds a comment to a PR that contains "/test <command>", dispatch the workflow found in "test-command.yml"
+# When someone with write access to the repo adds a comment to a PR that contains "/update <command>", dispatch the workflow found in "update-command.yml"
+
+name: Slash Command Dispatch
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+
+  slashCommandDispatchTest:
+    if: github.event.issue.pull_request && contains(github.event.comment.body, '/test')
+    runs-on:  ubuntu-latest
+    steps:
+      - name: Get token
+        id: get_workflow_token
+        uses: peter-murray/workflow-application-token-action@v4
+        with:
+          application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
+          application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
+
+      - name: Slash Command Dispatch
+        uses: peter-evans/slash-command-dispatch@v4
+        with:
+          token: ${{ steps.get_workflow_token.outputs.token }}
+          reaction-token: ${{ steps.get_workflow_token.outputs.token }}
+          commands: test
+          permission: write
+          issue-type: pull-request
+
+  slashCommandDispatchUpdate:
+    if: github.event.issue.pull_request && contains(github.event.comment.body, '/update')
+    runs-on:  ubuntu-latest
+    steps:
+    - name: Get token
+      id: get_workflow_token
+      uses: peter-murray/workflow-application-token-action@v4
+      with:
+        application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
+        application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
+
+    - name: Slash Command Dispatch
+      uses: peter-evans/slash-command-dispatch@v4
+      with:
+        token: ${{ steps.get_workflow_token.outputs.token }}
+        reaction-token: ${{ steps.get_workflow_token.outputs.token }}
+        commands: update
+        permission: write
+        issue-type: pull-request
diff --git a/.github/workflows/test-command.yml b/.github/workflows/test-command.yml
new file mode 100644
index 0000000..5a84d8f
--- /dev/null
+++ b/.github/workflows/test-command.yml
@@ -0,0 +1,38 @@
+# usage:
+  # A user with write status to the repo can from a PR comment:
+
+  # run a single test
+  # /test make=<make-target> region=<region>
+
+  # run ping test
+  # /test ping
+
+  # run all tests in the makefile
+  # /test
+
+name: test
+on:
+  repository_dispatch:
+    types: [test-command]
+
+
+permissions:
+  id-token: write
+  contents: read
+
+defaults:
+  run:
+    # We need -e -o pipefail for consistency with GitHub Actions' default behavior
+    shell: bash -e -o pipefail {0}
+
+jobs:
+  e2e-test:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/e2e-test.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
+      AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+      AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }}
+    with:
+      # check if the required slash command args are present, if so populate the json matrix, else pass in null and relevant e2e tests that would require a make target and region will be skipped
+      e2e-test-matrix: ${{ (contains(github.event.client_payload.slash_command_args.named, 'make') && contains(github.event.client_payload.slash_command_args.named, 'region')) && format('[{{"make-target":"{0}", "region":"{1}"}}]', github.event.client_payload.slash_command_args.named.make, github.event.client_payload.slash_command_args.named.region) || null }}
diff --git a/.github/workflows/update-command.yml b/.github/workflows/update-command.yml
new file mode 100644
index 0000000..da8b1a8
--- /dev/null
+++ b/.github/workflows/update-command.yml
@@ -0,0 +1,22 @@
+# This workflow is triggered by a comment on a pull request. The comment must contain "/update <command>" to trigger the workflow.
+
+name: update
+on:
+  repository_dispatch:
+    types: [update-command]
+
+permissions:
+  id-token: write
+  contents: write
+
+defaults:
+  run:
+    # We need -e -o pipefail for consistency with GitHub Actions' default behavior
+    shell: bash -e -o pipefail {0}
+
+jobs:
+  update:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/update.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
diff --git a/.gitignore b/.gitignore
index 8fa6cf7..296cf43 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,16 +2,17 @@
 .idea/
 .DS_Store
 .vscode
-*.
-# Local .terraform directories
-**/.terraform/*
 
-**/.terraform.lock.hcl
 
+# Local .terraform directories
+.terraform/
+*.terraform.*
 # .tfstate files
 *.tfstate
 *.tfstate.*
 
+*.terraform.lock.hcl
+
 # Crash log files
 crash.log
 crash.*.log
@@ -22,7 +23,12 @@ crash.*.log
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
-!fixtures*.tfvars
+
+# Except ones that we do want to commit because they are used for automated tests
+!examples/complete/fixtures.common.tfvars
+!examples/complete/fixtures.insecure.tfvars
+!examples/complete/fixtures.secure.tfvars
+!modules/cloudtrail/examples/complete/fixtures.create-bucket.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
@@ -34,9 +40,6 @@ override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 
-# Ignore Terraform state files
-backend.tf
-
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 
@@ -44,4 +47,17 @@ backend.tf
 .terraformrc
 terraform.rc
 
-ignore
+# Ignore Terraform cache
+.terragrunt-cache*
+
+# Ignore Terraform state files
+backend.tf
+
+# Ignore Checkov external module downloads
+.external_modules
+
+examples/zarf-complete-example/build
+
+#ignore lamba builds json file created from deploying lambda resource
+
+**/ignore
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0523b17..40a0f80 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -30,7 +30,7 @@ repos:
           - "--verbose"
           - "--allow-parallel-runners"
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.87.1
+    rev: v1.88.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
@@ -47,6 +47,6 @@ repos:
         args:
           - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
   - repo: https://github.com/renovatebot/pre-commit-hooks
-    rev: 37.198.1
+    rev: 37.229.5
     hooks:
       - id: renovate-config-validator
diff --git a/README.md b/README.md
index 885effd..a3f0f91 100644
--- a/README.md
+++ b/README.md
@@ -7,12 +7,14 @@ Repo provides module to create (or not, if already existing) transit gateway(s),
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.30.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.30.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0.0 |
 
 ## Modules
 
@@ -30,6 +32,7 @@ Repo provides module to create (or not, if already existing) transit gateway(s),
 | [aws_ec2_transit_gateway_route_table_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
 | [aws_ec2_transit_gateway_route_table_propagation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
 | [aws_ec2_transit_gateway_vpc_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_vpc_attachment) | resource |
+| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [aws_ec2_transit_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
 | [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 
@@ -38,7 +41,7 @@ Repo provides module to create (or not, if already existing) transit gateway(s),
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_auto_accept_shared_attachments"></a> [auto\_accept\_shared\_attachments](#input\_auto\_accept\_shared\_attachments) | Whether resource attachment requests are automatically accepted. Valid values: `disable`, `enable`. Default value: `disable` | `string` | `"disable"` | no |
-| <a name="input_config"></a> [config](#input\_config) | Configuration for VPC attachments, Transit Gateway routes, and subnet routes | <pre>map(object({<br>    vpc_id                            = string<br>    vpc_cidr                          = string<br>    subnet_ids                        = set(string)<br>    subnet_route_table_ids            = set(string)<br>    route_to                          = set(string)<br>    route_to_cidr_blocks              = set(string)<br>    transit_gateway_vpc_attachment_id = string<br>    static_routes = set(object({<br>      blackhole              = bool<br>      destination_cidr_block = string<br>    }))<br>  }))</pre> | `null` | no |
+| <a name="input_config"></a> [config](#input\_config) | Configuration for VPC attachments, Transit Gateway routes, and subnet routes | <pre>map(object({<br>    vpc_name                          = string<br>    vpc_id                            = string<br>    vpc_cidr                          = string<br>    subnet_ids                        = set(string)<br>    subnet_route_table_ids            = set(string)<br>    route_to                          = set(string)<br>    route_to_cidr_blocks              = set(string)<br>    transit_gateway_vpc_attachment_id = string<br>    static_routes = set(object({<br>      blackhole              = bool<br>      destination_cidr_block = string<br>    }))<br>  }))</pre> | `null` | no |
 | <a name="input_create_transit_gateway"></a> [create\_transit\_gateway](#input\_create\_transit\_gateway) | Whether to create a Transit Gateway. If set to `false`, an existing Transit Gateway ID must be provided in the variable `existing_transit_gateway_id` | `bool` | `true` | no |
 | <a name="input_create_transit_gateway_propagation"></a> [create\_transit\_gateway\_propagation](#input\_create\_transit\_gateway\_propagation) | Whether to enable Transit Gateway propagation on the specified route table and attachment | `bool` | `true` | no |
 | <a name="input_create_transit_gateway_route_table"></a> [create\_transit\_gateway\_route\_table](#input\_create\_transit\_gateway\_route\_table) | Whether to create a Transit Gateway Route Table. If set to `false`, an existing Transit Gateway Route Table ID must be provided in the variable `existing_transit_gateway_route_table_id` | `bool` | `true` | no |
@@ -53,6 +56,9 @@ Repo provides module to create (or not, if already existing) transit gateway(s),
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to apply to all resources | `map(string)` | `{}` | no |
 | <a name="input_transit_gateway_cidr_blocks"></a> [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | The list of associated CIDR blocks. It can contain up to 1 IPv4 CIDR block<br>of size up to /24 and up to one IPv6 CIDR block of size up to /64. The IPv4<br>block must not be from range 169.254.0.0/16. | `list(string)` | `null` | no |
 | <a name="input_transit_gateway_description"></a> [transit\_gateway\_description](#input\_transit\_gateway\_description) | Transit Gateway description. If not provided, one will be automatically generated. | `string` | `""` | no |
+| <a name="input_transit_gateway_name"></a> [transit\_gateway\_name](#input\_transit\_gateway\_name) | The name of the Transit Gateway | `string` | `""` | no |
+| <a name="input_transit_gateway_route_table_name"></a> [transit\_gateway\_route\_table\_name](#input\_transit\_gateway\_route\_table\_name) | The name of the Transit Gateway Route Table | `string` | `""` | no |
+| <a name="input_use_existing_transit_gateway"></a> [use\_existing\_transit\_gateway](#input\_use\_existing\_transit\_gateway) | Whether to use an existing Transit Gateway. If set to `true`, an existing Transit Gateway ID must be provided in the variable `existing_transit_gateway_id` | `bool` | `false` | no |
 | <a name="input_vpc_attachment_appliance_mode_support"></a> [vpc\_attachment\_appliance\_mode\_support](#input\_vpc\_attachment\_appliance\_mode\_support) | Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable`, `enable` | `string` | `"disable"` | no |
 | <a name="input_vpc_attachment_dns_support"></a> [vpc\_attachment\_dns\_support](#input\_vpc\_attachment\_dns\_support) | Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: `disable`, `enable`. Default value: `enable` | `string` | `"enable"` | no |
 | <a name="input_vpc_attachment_ipv6_support"></a> [vpc\_attachment\_ipv6\_support](#input\_vpc\_attachment\_ipv6\_support) | Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: `disable`, `enable`. Default value: `disable` | `string` | `"disable"` | no |
@@ -62,6 +68,9 @@ Repo provides module to create (or not, if already existing) transit gateway(s),
 
 | Name | Description |
 |------|-------------|
+| <a name="output_destination_cidr_blocks"></a> [destination\_cidr\_blocks](#output\_destination\_cidr\_blocks) | Destination CIDR blocks |
+| <a name="output_route_config_list"></a> [route\_config\_list](#output\_route\_config\_list) | Route configuration list |
+| <a name="output_route_config_map"></a> [route\_config\_map](#output\_route\_config\_map) | Route configuration map |
 | <a name="output_subnet_route_ids"></a> [subnet\_route\_ids](#output\_subnet\_route\_ids) | Subnet route identifiers combined with destinations |
 | <a name="output_transit_gateway_arn"></a> [transit\_gateway\_arn](#output\_transit\_gateway\_arn) | Transit Gateway ARN |
 | <a name="output_transit_gateway_association_default_route_table_id"></a> [transit\_gateway\_association\_default\_route\_table\_id](#output\_transit\_gateway\_association\_default\_route\_table\_id) | Transit Gateway association default route table ID |
diff --git a/examples/complete/README.md b/examples/complete/README.md
new file mode 100644
index 0000000..b8cd0d8
--- /dev/null
+++ b/examples/complete/README.md
@@ -0,0 +1,50 @@
+# complete
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.34 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.34 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.1.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_existing_transit_gateway_new_route_table"></a> [existing\_transit\_gateway\_new\_route\_table](#module\_existing\_transit\_gateway\_new\_route\_table) | ../.. | n/a |
+| <a name="module_new_transit_gateway"></a> [new\_transit\_gateway](#module\_new\_transit\_gateway) | ../.. | n/a |
+| <a name="module_vpc_dev"></a> [vpc\_dev](#module\_vpc\_dev) | git::https://github.com/defenseunicorns/terraform-aws-vpc.git | v0.1.5 |
+| <a name="module_vpc_prod"></a> [vpc\_prod](#module\_vpc\_prod) | git::https://github.com/defenseunicorns/terraform-aws-vpc.git | v0.1.5 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_id.default](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The prefix to use when naming all resources | `string` | `"ex-complete"` | no |
+| <a name="input_num_azs"></a> [num\_azs](#input\_num\_azs) | The number of AZs to use | `number` | `3` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to apply to all resources | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_debug"></a> [debug](#output\_debug) | n/a |
+| <a name="output_new_transit_gateway"></a> [new\_transit\_gateway](#output\_new\_transit\_gateway) | n/a |
+| <a name="output_new_transit_gateway_config"></a> [new\_transit\_gateway\_config](#output\_new\_transit\_gateway\_config) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/subnet_route/README.md b/modules/subnet_route/README.md
new file mode 100644
index 0000000..2132200
--- /dev/null
+++ b/modules/subnet_route/README.md
@@ -0,0 +1,42 @@
+# subnet_route
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route.count](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route.keys](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_destination_cidr_blocks"></a> [destination\_cidr\_blocks](#input\_destination\_cidr\_blocks) | Destination CIDR blocks | `list(string)` | `null` | no |
+| <a name="input_route_keys_enabled"></a> [route\_keys\_enabled](#input\_route\_keys\_enabled) | n/a | `bool` | `false` | no |
+| <a name="input_route_table_ids"></a> [route\_table\_ids](#input\_route\_table\_ids) | Subnet route table IDs | `list(string)` | `null` | no |
+| <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | Transit Gateway ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_destrination_cidr_blocks"></a> [destrination\_cidr\_blocks](#output\_destrination\_cidr\_blocks) | Destination CIDR blocks |
+| <a name="output_route_config_list"></a> [route\_config\_list](#output\_route\_config\_list) | Route configuration list |
+| <a name="output_route_config_map"></a> [route\_config\_map](#output\_route\_config\_map) | Route configuration map |
+| <a name="output_subnet_route_ids"></a> [subnet\_route\_ids](#output\_subnet\_route\_ids) | Subnet route identifiers combined with destinations |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/transit_gateway_route/README.md b/modules/transit_gateway_route/README.md
new file mode 100644
index 0000000..73523ef
--- /dev/null
+++ b/modules/transit_gateway_route/README.md
@@ -0,0 +1,37 @@
+# transit_gateway_route
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ec2_transit_gateway_route.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_route_config"></a> [route\_config](#input\_route\_config) | Route config | <pre>list(object({<br>    blackhole              = bool<br>    destination_cidr_block = string<br>  }))</pre> | n/a | yes |
+| <a name="input_transit_gateway_attachment_id"></a> [transit\_gateway\_attachment\_id](#input\_transit\_gateway\_attachment\_id) | Transit Gateway VPC attachment ID | `string` | n/a | yes |
+| <a name="input_transit_gateway_route_table_id"></a> [transit\_gateway\_route\_table\_id](#input\_transit\_gateway\_route\_table\_id) | Transit Gateway route table ID | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_transit_gateway_route_ids"></a> [transit\_gateway\_route\_ids](#output\_transit\_gateway\_route\_ids) | Transit Gateway route identifiers combined with destinations |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/outputs.tf b/outputs.tf
index 388fb71..cf129e0 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -52,4 +52,3 @@ output "route_config_map" {
   value       = try({ for i, o in module.subnet_route : i => o["route_config_map"] }, {})
   description = "Route configuration map"
 }
-
diff --git a/release-please-config.json b/release-please-config.json
index 69ad65e..c8e0d13 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -30,8 +30,7 @@
       "release-type": "simple",
       "separate-pull-requests": false,
       "skip-github-release": false,
-      "versioning": "default",
-      "release-as": "0.0.1"
+      "versioning": "default"
     }
   }
 }

From 1e249515d1e57083474ec593e932f83144d6d9b6 Mon Sep 17 00:00:00 2001
From: Zack Annexstein <zannexstein@gmail.com>
Date: Wed, 6 Mar 2024 14:28:04 -0800
Subject: [PATCH 2/2] onboarding..

---
 release-please-config.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/release-please-config.json b/release-please-config.json
index c8e0d13..69ad65e 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -30,7 +30,8 @@
       "release-type": "simple",
       "separate-pull-requests": false,
       "skip-github-release": false,
-      "versioning": "default"
+      "versioning": "default",
+      "release-as": "0.0.1"
     }
   }
 }