# =====================================
# Manage firewalls in the Hetzner Cloud
# =====================================
# ------------
# Local Values
# ------------
locals {
  # Firewall definitions keyed by their name, so that both resources below
  # can address a firewall through for_each with a stable, readable key.
  firewalls = { for fw in var.firewalls : fw.name => fw }

  # Subset of the firewalls that carry a `server` attribute. Each entry is
  # the firewall object plus an explicit `firewall` key holding its own name.
  # Firewalls without a server attribute are skipped, so no attachment is
  # created for them.
  attachments = {
    for fw in var.firewalls :
    fw.name => merge(fw, { "firewall" = fw.name })
    if try(fw.server, null) != null
  }
}
# ---------
# Firewalls
# ---------
resource "hcloud_firewall" "firewalls" {
  for_each = local.firewalls

  name   = each.value.name
  labels = each.value.labels

  # One rule block per entry in the firewall's `rules` list.
  dynamic "rule" {
    for_each = each.value.rules
    iterator = r

    content {
      direction   = r.value.direction
      protocol    = r.value.protocol
      description = r.value.description

      # A port is only passed through for tcp and udp; any other protocol
      # value gets no port.
      port = contains(["tcp", "udp"], r.value.protocol) ? r.value.port : null

      # `remote_ips` is read relative to the direction: it becomes the source
      # list for inbound rules and the destination list for outbound rules.
      # Nothing here narrows these CIDRs, so how broad the allowed ranges are
      # is decided entirely by the caller's var.firewalls input.
      source_ips      = r.value.direction == "in" ? r.value.remote_ips : null
      destination_ips = r.value.direction == "out" ? r.value.remote_ips : null
    }
  }
}
# --------------------
# Firewall Attachments
# --------------------
resource "hcloud_firewall_attachment" "attachments" {
  for_each = local.attachments

  # `firewall` was set to the firewall's own name when local.attachments was
  # built, so it indexes straight into the hcloud_firewall resource above.
  firewall_id = hcloud_firewall.firewalls[each.value.firewall].id

  # Both target forms from the caller's `server` attribute are passed through
  # as given: explicit server ids and label selectors.
  server_ids      = each.value.server.ids
  label_selectors = each.value.server.labels
}