#####################################################
# Security Group Resource
# Copyright 2020 IBM
#####################################################
# Look up an existing security group by name instead of creating one.
# Instantiated only when var.create_security_group is false; the rule
# resource then attaches to whatever group this name resolves to, so
# var.security_group must identify the intended group.
data "ibm_is_security_group" "sg_ds" {
  count = !var.create_security_group ? 1 : 0
  name  = var.security_group
}
# Create a new security group in the given VPC and resource group.
# Instantiated only when var.create_security_group is true; otherwise the
# existing group found by data.ibm_is_security_group.sg_ds is used.
resource "ibm_is_security_group" "sg" {
  count = var.create_security_group ? 1 : 0

  resource_group = var.resource_group_id
  vpc            = var.vpc_id
  name           = var.name
}
#---------------------------------------------------------
# Create security group rules resources
#---------------------------------------------------------
# One rule per entry of var.security_group_rules, keyed by the entry's name
# (names must therefore be unique). Each rule is attached either to the group
# created in this file or to the pre-existing group that was looked up.
#
# Defaults applied here that widen a rule when the caller leaves a field out:
#   * remote = ""          -> passed as null, leaving the source/destination
#                             to the provider default.
#                             NOTE(review): the IBM provider is understood to
#                             treat a missing remote as "any address" - confirm
#                             and prefer an explicit CIDR or group for inbound.
#   * tcp/udp without ports -> port_min = 1, port_max = 65535 (every port).
#   * icmp/tcp/udp all null -> no protocol block is emitted.
#                             NOTE(review): presumably this yields an
#                             all-protocol rule - verify against the provider.
resource "ibm_is_security_group_rule" "sg_rules" {
  for_each = { for rule in var.security_group_rules : rule.name => rule }

  # Target group: the new one when we created it, else the looked-up one.
  group = var.create_security_group ? ibm_is_security_group.sg[0].id : data.ibm_is_security_group.sg_ds[0].id

  direction = each.value.direction

  # An empty string means "not set": remote is dropped, ip_version falls back to ipv4.
  remote     = each.value.remote == "" ? null : each.value.remote
  ip_version = each.value.ip_version == "" ? "ipv4" : each.value.ip_version

  # Each protocol block is emitted at most once, and only when the rule
  # entry carries a non-null value for that protocol.
  dynamic "icmp" {
    for_each = each.value.icmp != null ? [each.value.icmp] : []
    content {
      type = lookup(icmp.value, "type", null)
      code = lookup(icmp.value, "code", null)
    }
  }

  dynamic "tcp" {
    for_each = each.value.tcp != null ? [each.value.tcp] : []
    content {
      # Missing bounds fall back to the full port range.
      port_min = lookup(tcp.value, "port_min", 1)
      port_max = lookup(tcp.value, "port_max", 65535)
    }
  }

  dynamic "udp" {
    for_each = each.value.udp != null ? [each.value.udp] : []
    content {
      # Missing bounds fall back to the full port range.
      port_min = lookup(udp.value, "port_min", 1)
      port_max = lookup(udp.value, "port_max", 65535)
    }
  }
}
# IBM Cloud provider configuration for the resources in this file.
# NOTE(review): the region is fixed to us-south, so var.vpc_id and
# var.security_group are presumably resolved in that region only - confirm
# this matches where the target VPC lives. If this directory is consumed as a
# reusable module, the provider is normally configured by the caller instead.
provider "ibm" {
  region = "us-south"
}