Commit 1c2fd6f6 authored by František Dvořák's avatar František Dvořák

Simplify security groups

parent f090d98c
Pipeline #622 passed
......@@ -177,7 +177,6 @@ resource "openstack_compute_instance_v2" "server" {
key_pair = var.ssh
security_groups = [
openstack_networking_secgroup_v2.all.name,
openstack_networking_secgroup_v2.ssh.name,
]
user_data = data.template_cloudinit_config.ctx[count.index].rendered
network {
......
resource "openstack_networking_secgroup_v2" "all" {
name = format("%s.all", var.domain)
name = var.domain
description = "${title(var.domain)} all security group"
}
resource "openstack_networking_secgroup_v2" "ssh" {
name = format("%s.ssh", var.domain)
description = "${title(var.domain)} ssh security group"
}
resource "openstack_networking_secgroup_rule_v2" "all_self" {
for_each = toset(["0.0.0.0/0", "::/0"])
direction = "ingress"
......@@ -32,17 +27,12 @@ resource "openstack_networking_secgroup_rule_v2" "all_other" {
security_group_id = openstack_networking_secgroup_v2.all.id
}
resource "openstack_networking_secgroup_rule_v2" "all_floatip" {
direction = "ingress"
ethertype = "IPv4"
remote_ip_prefix = "${openstack_networking_floatingip_v2.floatip_1.address}/32"
security_group_id = openstack_networking_secgroup_v2.all.id
}
resource "openstack_networking_secgroup_rule_v2" "ssh" {
for_each = var.security_admin_cidr
direction = "ingress"
ethertype = length(regexall(":", each.value)) == 0 ? "IPv4" : "IPv6"
port_range_min = 22
port_range_max = 22
remote_ip_prefix = each.key
security_group_id = openstack_networking_secgroup_v2.ssh.id
security_group_id = openstack_networking_secgroup_v2.all.id
}
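Review bot: Pointing the `ssh` rule at `openstack_networking_secgroup_v2.all` opens tcp/22 from `var.security_admin_cidr` on every port that carries the single group, so admin SSH can no longer be granted per instance, and nothing in the file records that this is intended. I would add a comment on the `all` resource such as `# also carries the admin SSH rule (port 22 from var.security_admin_cidr); every member is reachable over SSH from those ranges`, and adjust its description to match. In the same rule, `ethertype` is computed from `each.value` while `remote_ip_prefix` uses `each.key`; the variable's type is not visible here, but if it is a map the two can disagree, so both should read the same one, e.g. `ethertype = length(regexall(":", each.key)) == 0 ? "IPv4" : "IPv6"`. No `protocol` line is visible in the rule although it sets a port range, so it is worth confirming that `protocol = "tcp"` is present or adding it.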