From cb24106efd5a17ef2521a0d513d15aed1fe2b4a9 Mon Sep 17 00:00:00 2001
From: bertiethorpe <84867280+bertiethorpe@users.noreply.github.com>
Date: Mon, 3 Mar 2025 17:17:39 +0000
Subject: [PATCH 1/3] Update control.tf

---
 .../skeleton/{{cookiecutter.environment}}/tofu/control.tf     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf b/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf
index 26597b1ac..ebf13e372 100644
--- a/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf
+++ b/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf
@@ -14,8 +14,8 @@ resource "openstack_networking_port_v2" "control" {
     subnet_id = data.openstack_networking_subnet_v2.cluster_subnet[each.key].id
   }
 
-  port_security_enabled = lookup(each.value, "port_security_enabled", true)
-  security_group_ids = lookup(each.value, "port_security_enabled", true) ? [for o in data.openstack_networking_secgroup_v2.nonlogin: o.id] : []
+  port_security_enabled = lookup(each.value, "port_security_enabled", null)
+  security_group_ids = lookup(each.value, "port_security_enabled", null) != false ? [for o in data.openstack_networking_secgroup_v2.nonlogin: o.id] : []
 
   binding {
     vnic_type = lookup(var.vnic_types, each.key, "normal")

From 600f1e1716b6e4a36570e7f3d5a76aa2d3eba91c Mon Sep 17 00:00:00 2001
From: bertiethorpe <84867280+bertiethorpe@users.noreply.github.com>
Date: Mon, 3 Mar 2025 17:18:05 +0000
Subject: [PATCH 2/3] Update nodes.tf

---
 .../{{cookiecutter.environment}}/tofu/node_group/nodes.tf     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf b/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf
index 186b8538b..25f0cedc8 100644
--- a/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf
+++ b/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf
@@ -45,8 +45,8 @@ resource "openstack_networking_port_v2" "compute" {
     subnet_id = data.openstack_networking_subnet_v2.subnet[each.value.network].id
   }
 
-  port_security_enabled = lookup(each.value, "port_security_enabled", true)
-  security_group_ids = lookup(each.value, "port_security_enabled", true) ? var.security_group_ids : []
+  port_security_enabled = lookup(each.value, "port_security_enabled", null)
+  security_group_ids = lookup(each.value, "port_security_enabled", null) != false ? var.security_group_ids : []
 
   binding {
     vnic_type = lookup(var.vnic_types, each.value.network, "normal")

From 3af5f7b965559150d2bc02c5621550bb803b5d91 Mon Sep 17 00:00:00 2001
From: bertiethorpe <84867280+bertiethorpe@users.noreply.github.com>
Date: Mon, 3 Mar 2025 17:21:46 +0000
Subject: [PATCH 3/3] Update variables.tf

---
 .../skeleton/{{cookiecutter.environment}}/tofu/variables.tf     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf b/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf
index 8d5808ba7..2b08dbd25 100644
--- a/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf
+++ b/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf
@@ -15,7 +15,7 @@ variable "cluster_networks" {
         List of mappings defining networks. Mapping key/values:
             network: Required. Name of existing network
             subnet: Required. Name of existing subnet
-            port_security_enabled: Optional. Bool, default true
+            port_security_enabled: Optional. Bool, default null (for networks not owned by project)
     EOT
 }