diff --git a/README.md b/README.md
index f357374..0be15dd 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,8 @@ Full contributing [guidelines are covered here](.github/how_to_contribute.md).
 | huaweicloud_networking_secgroup.this | resource |
 | huaweicloud_networking_secgroup_rule.in_v4_self_group | resource |
 | huaweicloud_networking_secgroup_rule.this | resource |
+| huaweicloud_vpc_address_group.this | resource |
+| huaweicloud_networking_secgroup_rule.remote_address_group | resource |
 | data.huaweicloud_vpcs.this | data-source |
 | data.huaweicloud_vpc_subnets.this | data-source |
 | data.huaweicloud_networking_secgroups.this | data-source |
@@ -73,11 +75,12 @@ Full contributing [guidelines are covered here](.github/how_to_contribute.md).
 | is_vpc_create | Controls whether a VPC should be created (it affects all VPC related resources under this module) | bool | true | N |
 | vpc_name | The name of the VPC resource | string | "" | N |
 | vpc_cidr_block | The CIDR block of the VPC resource | string | "192.168.0.0/16" | N |
-| subnets_configuration | The configuration for the subnet resources to which the VPC belongs | list(object) |
[| N | +| subnets_configuration | The configuration for the subnet resources to which the VPC belongs |
{
name = "module-default-subnet",
cidr = "192.168.16.0/20",
},
]
list(object({|
name = string
description = optional(string, null)
cidr = string
ipv6_enabled = optional(bool, true)
dhcp_enabled = optional(bool, true)
dns_list = optional(list(string), null)
tags = optional(map(string), {})
delete_timeout = optional(string, null)
}))
[| N | | is_security_group_create | Controls whether a security group should be created (it affects all security group related resources under this module) | bool | true | N | | security_group_name | The name of the security group resource" | string | "" | N | | security_group_description | The description of the security group resource | string | null | N | -| security_group_rules_configuration | The configuration for security group rule resources to which the security group belongs | list(object) |
{
name = "module-default-subnet",
cidr = "192.168.16.0/20",
},
]
[| N | +| security_group_rules_configuration | The configuration for security group rule resources to which the security group belongs |
{
protocol = "icmp"
}
]
list(object({|
description = optional(string, null)
direction = optional(string, "ingress")
ethertype = optional(string, "IPv4")
protocol = optional(string, null)
ports = optional(string, null)
remote_ip_prefix = optional(string, "0.0.0.0/0")
remote_group_id = optional(string, null)
remote_address_group_id = optional(string, null)
action = optional(string, "allow")
priority = optional(number, null)
}))
[| N | +| remote_address_group_rules_configuration | The configuration of remote address group for security group rule resources |
{
protocol = "icmp"
}
]
list(object({|
description = optional(string, null)
direction = optional(string, "ingress")
ethertype = optional(string, "IPv4")
protocol = optional(string, null)
ports = optional(string, null)
remote_addresses = list(string)
action = optional(string, "allow")
priority = optional(number, null)
}))
[
{direction="ingress", ethertype="IPv4", protocol="icmp", ports="80", remote_addresses=["192.168.10.22,192.168.11.0-192.168.11.240"]
}
]|
 | query_vpc_names | The VPC name list used to query the resource IDs | list(string) |[]| N |
 | query_subnet_names | The subnet name list used to query the resource IDs | list(string) |[]| N |
 | query_security_group_names | The security group name list used to query the resource IDs | list(string) |[]| N |
diff --git a/examples/simple-security-group-rules/README.md b/examples/simple-security-group-rules/README.md
index 4900b37..32a52f3 100644
--- a/examples/simple-security-group-rules/README.md
+++ b/examples/simple-security-group-rules/README.md
@@ -40,13 +40,21 @@ quota limits). Run `terraform destroy` when you don't need these resources.
 |------|------|
 | huaweicloud_networking_secgroup.this[0] | resource |
 | huaweicloud_networking_secgroup_rule.in_v4_self_group[0] | resource |
+| huaweicloud_networking_secgroup_rule.this[0] | resource |
 | huaweicloud_networking_secgroup_rule.this[1] | resource |
+| huaweicloud_networking_secgroup_rule.this[2] | resource |
+| huaweicloud_networking_secgroup_rule.this[3] | resource |
+| huaweicloud_vpc_address_group.this[0] | resource |
+| huaweicloud_networking_secgroup_rule.remote_address_group[0] | resource |
 ## Inputs
 | Name | Description | Type | Value |
 |------|-------------|------|-------|
+| is_vpc_create | Controls whether a VPC should be created (it affects all VPC related resources under this module) | bool | false |
 | security_group_name | The name of the security group resource | string | module-single-security-group |
+| security_group_rules_configuration |vThe configuration for security group rule resources to which the security group belongs |list(object({|
description = optional(string, null)
direction = optional(string, "ingress")
ethertype = optional(string, "IPv4")
protocol = optional(string, null)
ports = optional(string, null)
remote_ip_prefix = optional(string, "0.0.0.0/0")
remote_group_id = optional(string, null)
remote_address_group_id = optional(string, null)
action = optional(string, "allow")
priority = optional(number, null)
}))[| +| remote_address_group_rules_configuration | The configuration of remote address group for security group rule resources |
{direction="ingress", ethertype="IPv4", protocol="icmp"},
{direction="ingress", ethertype="IPv6", protocol="icmp", remote_ip_prefix="::/0"},
{direction="egress", ethertype="IPv4"},
{direction="egress", ethertype="IPv6", remote_ip_prefix="::/0"},
]list(object({|
description = optional(string, null)
direction = optional(string, "ingress")
ethertype = optional(string, "IPv4")
protocol = optional(string, null)
ports = optional(string, null)
remote_addresses = list(string)
action = optional(string, "allow")
priority = optional(number, null)
}))[
{direction="ingress", ethertype="IPv4", protocol="icmp", ports="80", remote_addresses=["192.168.10.22,192.168.11.0-192.168.11.240"]},
]|
 ## Outputs
diff --git a/examples/simple-security-group-rules/main.tf b/examples/simple-security-group-rules/main.tf
index ca719f9..7d2a948 100644
--- a/examples/simple-security-group-rules/main.tf
+++ b/examples/simple-security-group-rules/main.tf
@@ -1,6 +1,8 @@
 module "vpc_service" {
 source = "../.."
+ is_vpc_create = false
+
 security_group_name = "module-single-security-group"
 security_group_rules_configuration = [
@@ -9,4 +11,7 @@ module "vpc_service" {
 {direction="egress", ethertype="IPv4"},
 {direction="egress", ethertype="IPv6", remote_ip_prefix="::/0"},
 ]
+ remote_address_group_rules_configuration = [
+ {direction="ingress", ethertype="IPv4", protocol="tcp", ports="80", remote_addresses=["192.168.10.22","192.168.11.0-192.168.11.240"]},
+ ]
 }
diff --git a/examples/simple-security-group-rules/variables.tf b/examples/simple-security-group-rules/variables.tf
deleted file mode 100644
index 6da6b32..0000000
--- a/examples/simple-security-group-rules/variables.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-variable "security_group_name" {
- description = "The name of the security group resource"
-
- type = string
- default = "module-single-security-group"
-}
diff --git a/main.tf b/main.tf
index 2b366c6..e597862 100644
--- a/main.tf
+++ b/main.tf
@@ -83,12 +83,35 @@ resource "huaweicloud_networking_secgroup_rule" "this" {
 security_group_id = huaweicloud_networking_secgroup.this[0].id
- description = lookup(element(var.security_group_rules_configuration, count.index), "description")
- direction = lookup(element(var.security_group_rules_configuration, count.index), "direction")
- ethertype = lookup(element(var.security_group_rules_configuration, count.index), "ethertype")
- protocol = lookup(element(var.security_group_rules_configuration, count.index), "protocol")
- ports = lookup(element(var.security_group_rules_configuration, count.index), "ports")
- remote_ip_prefix = lookup(element(var.security_group_rules_configuration, count.index), "remote_ip_prefix")
- action = lookup(element(var.security_group_rules_configuration, count.index), "action")
- priority = lookup(element(var.security_group_rules_configuration, count.index), "priority")
+ description = lookup(element(var.security_group_rules_configuration, count.index), "description")
+ direction = lookup(element(var.security_group_rules_configuration, count.index), "direction")
+ ethertype = lookup(element(var.security_group_rules_configuration, count.index), "ethertype")
+ protocol = lookup(element(var.security_group_rules_configuration, count.index), "protocol")
+ ports = lookup(element(var.security_group_rules_configuration, count.index), "ports")
+ remote_ip_prefix = lookup(element(var.security_group_rules_configuration, count.index), "remote_group_id") == null ? 
lookup(element(var.security_group_rules_configuration, count.index), "remote_ip_prefix") : null
+ remote_group_id = lookup(element(var.security_group_rules_configuration, count.index), "remote_group_id")
+ action = lookup(element(var.security_group_rules_configuration, count.index), "action")
+ priority = lookup(element(var.security_group_rules_configuration, count.index), "priority")
+}
+
+resource "huaweicloud_vpc_address_group" "this" {
+ count = var.is_security_group_create && length(var.remote_address_group_rules_configuration) > 0 ? length(var.remote_address_group_rules_configuration) : 0
+
+ name = var.name_suffix != "" ? format("%s-address-group-%d", var.name_suffix, count.index) : var.security_group_name
+ addresses = lookup(element(var.remote_address_group_rules_configuration, count.index), "remote_addresses")
+}
+
+resource "huaweicloud_networking_secgroup_rule" "remote_address_group" {
+ count = var.is_security_group_create && length(var.remote_address_group_rules_configuration) > 0 ? length(var.remote_address_group_rules_configuration) : 0
+
+ security_group_id = huaweicloud_networking_secgroup.this[0].id
+
+ description = lookup(element(var.remote_address_group_rules_configuration, count.index), "description")
+ direction = lookup(element(var.remote_address_group_rules_configuration, count.index), "direction")
+ ethertype = lookup(element(var.remote_address_group_rules_configuration, count.index), "ethertype")
+ protocol = lookup(element(var.remote_address_group_rules_configuration, count.index), "protocol")
+ ports = lookup(element(var.remote_address_group_rules_configuration, count.index), "ports")
+ remote_address_group_id = huaweicloud_vpc_address_group.this[count.index].id
+ action = lookup(element(var.remote_address_group_rules_configuration, count.index), "action")
+ priority = lookup(element(var.remote_address_group_rules_configuration, count.index), "priority")
 }
diff --git a/variables.tf b/variables.tf
index 14ee29a..648e5e9 100644
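Review bot: The `remote_address_group_id` attribute that the variables.tf hunk adds to the `security_group_rules_configuration` object type is never read by `huaweicloud_networking_secgroup_rule.this`, and the new ternary on `remote_ip_prefix` only tests `remote_group_id`, so a rule entry that sets only `remote_address_group_id` is created with the default `remote_ip_prefix` of `0.0.0.0/0` instead of being scoped to the address group. I would pass the attribute through and widen the guard: `remote_ip_prefix = (lookup(element(var.security_group_rules_configuration, count.index), "remote_group_id") == null && lookup(element(var.security_group_rules_configuration, count.index), "remote_address_group_id") == null) ? lookup(element(var.security_group_rules_configuration, count.index), "remote_ip_prefix") : null` and `remote_address_group_id = lookup(element(var.security_group_rules_configuration, count.index), "remote_address_group_id")`. Separately, the `name` of `huaweicloud_vpc_address_group.this` falls back to `var.security_group_name` for every instance when `var.name_suffix` is empty, so two entries in `remote_address_group_rules_configuration` get the same name; `format("%s-address-group-%d", var.security_group_name, count.index)` in the fallback would keep them distinct (whether the API rejects duplicate names I cannot tell from here). The header and `count` of the `this` resource sit above the hunk.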
--- a/variables.tf
+++ b/variables.tf
@@ -97,22 +97,41 @@ variable "security_group_description" {
 variable "security_group_rules_configuration" {
 description = "The configuration for security group rule resources to which the security group belongs"
+ type = list(object({
+ description = optional(string, null)
+ direction = optional(string, "ingress")
+ ethertype = optional(string, "IPv4")
+ protocol = optional(string, null)
+ ports = optional(string, null)
+ remote_ip_prefix = optional(string, "0.0.0.0/0")
+ remote_group_id = optional(string, null)
+ remote_address_group_id = optional(string, null)
+ action = optional(string, "allow")
+ priority = optional(number, null)
+ }))
+
+ default = [
+ {
+ protocol = "icmp"
+ }
+ ]
+}
+
+variable "remote_address_group_rules_configuration" {
+ description = "The configuration of remote address group for security group rule resources"
+
 type = list(object({
 description = optional(string, null)
 direction = optional(string, "ingress")
 ethertype = optional(string, "IPv4")
 protocol = optional(string, null)
 ports = optional(string, null)
- remote_ip_prefix = optional(string, "0.0.0.0/0")
+ remote_addresses = list(string) // The remote addresses split by commas (,)
 action = optional(string, "allow")
 priority = optional(number, null)
 }))
- default = [
- {
- protocol = "icmp"
- }
- ]
+ default = []
 }
 ######################################################################
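Review bot: The comment `// The remote addresses split by commas (,)` on `remote_addresses = list(string)` contradicts the type: each list element is one address or range, which is how the updated example main.tf passes `"192.168.10.22"` and `"192.168.11.0-192.168.11.240"` as separate elements, whereas both README tables show them joined into a single comma-separated string, so one of the two is wrong. I would replace the comment with `// One IP address or address range (e.g. "a.b.c.d-a.b.c.e") per element` and align the README rows with the example. Since an empty `remote_addresses` list would produce an address group with no members and a rule that still opens `ports`, a `validation` block such as `condition = alltrue([for r in var.remote_address_group_rules_configuration : length(r.remote_addresses) > 0])` would reject that at plan time; whether the provider itself rejects an empty `addresses` set I cannot tell from here.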