
Commit fb0273c

author
Sean Sundberg
authored
Generates named security group for the rules (#7)
- Updates publish notification destinations as well Signed-off-by: Sean Sundberg <[email protected]>
1 parent b79ba0f commit fb0273c


2 files changed

+31
-19
lines changed


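--- a/.github/workflows/notify.yaml
+++ b/.github/workflows/notify.yaml
@@ -6,11 +6,17 @@ jobs:
   notify:
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        repo:
+          - cloud-native-toolkit/ibm-garage-iteration-zero
+          - cloud-native-toolkit/garage-terraform-modules
+
     steps:
-      - name: Publish repository dispatch
-        uses: ibm-garage-cloud/action-repository-dispatch@main
+      - name: Repository dispatch ${{ matrix.repo }}
+        uses: cloud-native-toolkit/action-repository-dispatch@main
         with:
-          notifyRepo: ibm-garage-cloud/ibm-garage-iteration-zero
+          notifyRepo: ${{ matrix.repo }}
           eventType: released
         env:
           GITHUB_TOKEN: ${{ secrets.TOKEN }}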
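Review bot: The new `uses: cloud-native-toolkit/action-repository-dispatch@main` line references a mutable branch, so every run executes whatever that branch holds at the time, with `secrets.TOKEN` in its environment; pin it to a full-length commit SHA and let a dependency bot bump it, e.g. `uses: cloud-native-toolkit/action-repository-dispatch@<commit-sha>  # <tag>`. The removed line had the same weakness under the previous org, so the commit does not introduce it, but moving to the new org is the natural moment to pin. The matrix now fans the same token out to two repositories; if `secrets.TOKEN` is a personal access token, confirm its scope is limited to dispatching those two repos.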

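--- a/main.tf
+++ b/main.tf
@@ -1,15 +1,15 @@
 
 locals {
-  zone_count = 3
-  zone_ids = range(var.subnet_count)
-  vpc_zone_names = [ for index in local.zone_ids: "${var.region}-${(index % local.zone_count) + 1}" ]
-  prefix_name = var.name_prefix != "" ? var.name_prefix : var.resource_group_name
-  vpc_name = lower(replace(var.name != "" ? var.name : "${local.prefix_name}-vpc", "_", "-"))
-  vpc_id = ibm_is_vpc.vpc.id
-  subnet_ids = ibm_is_subnet.vpc_subnet[*].id
-  gateway_ids = var.public_gateway ? ibm_is_public_gateway.vpc_gateway[*].id : [ for val in range(local.zone_count): "" ]
-  security_group = ibm_is_vpc.vpc.default_security_group
-  ipv4_cidr_blocks = ibm_is_subnet.vpc_subnet[*].ipv4_cidr_block
+  zone_count = 3
+  zone_ids = range(var.subnet_count)
+  vpc_zone_names = [ for index in local.zone_ids: "${var.region}-${(index % local.zone_count) + 1}" ]
+  prefix_name = var.name_prefix != "" ? var.name_prefix : var.resource_group_name
+  vpc_name = lower(replace(var.name != "" ? var.name : "${local.prefix_name}-vpc", "_", "-"))
+  vpc_id = ibm_is_vpc.vpc.id
+  subnet_ids = ibm_is_subnet.vpc_subnet[*].id
+  gateway_ids = var.public_gateway ? ibm_is_public_gateway.vpc_gateway[*].id : [ for val in range(local.zone_count): "" ]
+  security_group_id = ibm_is_security_group.security_group.id
+  ipv4_cidr_blocks = ibm_is_subnet.vpc_subnet[*].ipv4_cidr_block
 }
 
 resource null_resource print_names {
@@ -29,6 +29,12 @@ resource ibm_is_vpc vpc {
   resource_group = data.ibm_resource_group.resource_group.id
 }
 
+resource ibm_is_security_group security_group {
+  name = "${local.vpc_name}-security-group"
+  vpc = ibm_is_vpc.vpc.id
+  resource_group = data.ibm_resource_group.resource_group.id
+}
+
 resource ibm_is_public_gateway vpc_gateway {
   count = var.public_gateway ? min(local.zone_count, var.subnet_count) : 0
 
@@ -79,7 +85,7 @@ resource ibm_is_subnet vpc_subnet {
 resource ibm_is_security_group_rule rule_tcp_k8s {
   count = var.subnet_count
 
-  group = local.security_group
+  group = local.security_group_id
   direction = "inbound"
   remote = local.ipv4_cidr_blocks[count.index]
 
@@ -90,7 +96,7 @@ resource ibm_is_security_group_rule rule_tcp_k8s {
 }
 
 resource ibm_is_security_group_rule rule_icmp_ping {
-  group = ibm_is_vpc.vpc.default_security_group
+  group = local.security_group_id
   direction = "inbound"
   remote = "0.0.0.0/0"
   icmp {
@@ -100,7 +106,7 @@ resource ibm_is_security_group_rule rule_icmp_ping {
 
 # from https://cloud.ibm.com/docs/vpc?topic=vpc-service-endpoints-for-vpc
 resource ibm_is_security_group_rule "cse_dns_1" {
-  group = ibm_is_vpc.vpc.default_security_group
+  group = local.security_group_id
   direction = "outbound"
   remote = "161.26.0.10"
   udp {
@@ -110,7 +116,7 @@ resource ibm_is_security_group_rule "cse_dns_1" {
 }
 
 resource ibm_is_security_group_rule cse_dns_2 {
-  group = ibm_is_vpc.vpc.default_security_group
+  group = local.security_group_id
   direction = "outbound"
   remote = "161.26.0.11"
   udp {
@@ -120,7 +126,7 @@ resource ibm_is_security_group_rule cse_dns_2 {
 }
 
 resource ibm_is_security_group_rule private_dns_1 {
-  group = ibm_is_vpc.vpc.default_security_group
+  group = local.security_group_id
   direction = "outbound"
   remote = "161.26.0.7"
   udp {
@@ -130,7 +136,7 @@ resource ibm_is_security_group_rule private_dns_1 {
 }
 
 resource ibm_is_security_group_rule private_dns_2 {
-  group = ibm_is_vpc.vpc.default_security_group
+  group = local.security_group_id
   direction = "outbound"
   remote = "161.26.0.8"
   udp {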
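Review bot: The new `ibm_is_security_group.security_group` resource now owns every rule, but nothing in these hunks attaches it to a network interface or exports its id, and the VPC default security group, which instances presumably receive unless assigned another group, keeps its provider-default rules untouched. If the id is consumed through an output or another module outside the visible hunks, a comment on the resource would make that contract explicit: `# Holds the rules below; consumers must attach this group to their instances' network interfaces, as the VPC default security group is no longer managed here.` If it is not, the rules now govern a group with no members and the default group's behaviour is unchanged. Separately, the first hunk removes and re-adds nine unchanged `locals` lines (presumably alignment whitespace the rendering strips), which buries the single semantic change `security_group_id = ibm_is_security_group.security_group.id` in the noise.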
