# Version constraints for this module: the 1.2.x-and-later line of
# Terraform and the 3.8 line of the VMware Cloud Director provider.
terraform {
  required_providers {
    vcd = {
      source  = "vmware/vcd"
      version = "~> 3.8"
    }
  }

  required_version = "~> 1.2"
}
# Look up the existing VDC (datacenter) group by name; its id is what the
# edge gateway and dynamic security group lookups below are scoped to.
data "vcd_vdc_group" "dcgroup" {
  name = var.vdc_group_name
  org  = var.vdc_org_name
}
# Look up the existing NSX-T edge gateway owned by the VDC group above.
# Every gateway-scoped object in this file (firewall, IP sets, security
# groups) references its id.
data "vcd_nsxt_edgegateway" "edge_gateway" {
  name     = var.vdc_edge_name
  org      = var.vdc_org_name
  owner_id = data.vcd_vdc_group.dcgroup.id
}
# Read the edge gateway's current firewall configuration.
# NOTE(review): nothing in this file references data.vcd_nsxt_firewall.edge_fw;
# presumably it feeds outputs or another file in the module — confirm before
# removing.
data "vcd_nsxt_firewall" "edge_fw" {
  edge_gateway_id = data.vcd_nsxt_edgegateway.edge_gateway.id
  org             = var.vdc_org_name
}
# One lookup per entry of var.app_port_profiles, keyed by profile name with
# the profile's scope as the value (e.g. SYSTEM/PROVIDER/TENANT — the
# accepted values come from the provider, not from this file).
data "vcd_nsxt_app_port_profile" "app_port_profiles" {
  for_each = var.app_port_profiles

  name  = each.key
  org   = var.vdc_org_name
  scope = each.value
}
# One lookup per IP set name on the edge gateway. toset() dedupes the input
# list so a repeated name does not produce a duplicate instance key.
data "vcd_nsxt_ip_set" "ip_sets" {
  for_each = toset(var.ip_set_names)

  edge_gateway_id = data.vcd_nsxt_edgegateway.edge_gateway.id
  name            = each.value
  org             = var.vdc_org_name
}
# One lookup per dynamic security group name. Unlike the static security
# groups and IP sets, these are scoped to the VDC group rather than to the
# edge gateway.
data "vcd_nsxt_dynamic_security_group" "dynamic_security_groups" {
  for_each = toset(var.dynamic_security_group_names)

  name         = each.value
  org          = var.vdc_org_name
  vdc_group_id = data.vcd_vdc_group.dcgroup.id
}
# One lookup per static security group name on the edge gateway.
data "vcd_nsxt_security_group" "security_groups" {
  for_each = toset(var.security_group_names)

  edge_gateway_id = data.vcd_nsxt_edgegateway.edge_gateway.id
  name            = each.value
  org             = var.vdc_org_name
}
locals {
  # Single name -> provider id table used by the firewall rules to translate
  # human-readable object names into ids.
  #
  # merge() resolves duplicate keys by letting later arguments win, so a name
  # that exists both as, say, a security group and an IP set resolves to the
  # IP set id here (the last table listed). Keep the four name lists disjoint
  # or make this precedence deliberate.
  id_lookup = merge(
    { for profile_name, profile in data.vcd_nsxt_app_port_profile.app_port_profiles : profile_name => profile.id },
    { for sg_name, sg in data.vcd_nsxt_security_group.security_groups : sg_name => sg.id },
    { for dsg_name, dsg in data.vcd_nsxt_dynamic_security_group.dynamic_security_groups : dsg_name => dsg.id },
    { for set_name, ip_set in data.vcd_nsxt_ip_set.ip_sets : set_name => ip_set.id },
  )
}
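# Edge gateway firewall, one rule block per entry in var.rules.
#
# Each rule's source_ids / destination_ids / app_port_profile_ids hold object
# *names*; they are translated to provider ids through local.id_lookup.
#
# Fix: the original filtered out any name missing from local.id_lookup
# (`if contains(keys(local.id_lookup), name)`), so a typo in a security
# group or IP set name silently shrank the rule's match set — down to an
# empty list when every name was wrong — and the rule still applied. Unknown
# names now fail the plan instead: the precondition below checks every name
# up front, and the plain index `local.id_lookup[name]` also errors on a
# missing key, so whichever is reported first the apply does not proceed.
resource "vcd_nsxt_firewall" "edge_firewall" {
  org             = var.vdc_org_name
  edge_gateway_id = data.vcd_nsxt_edgegateway.edge_gateway.id

  dynamic "rule" {
    for_each = var.rules
    content {
      name        = rule.value["name"]
      direction   = rule.value["direction"]
      ip_protocol = rule.value["ip_protocol"]
      action      = rule.value["action"]
      # Both flags are optional per rule: rules are enabled by default and
      # per-rule logging is opt-in.
      enabled = lookup(rule.value, "enabled", true)
      logging = lookup(rule.value, "logging", false)

      # An absent or empty list is passed as null, exactly as before
      # (null presumably means "any" to the provider — confirm against the
      # vcd_nsxt_firewall docs). Null/empty entries inside a list are skipped;
      # unknown names are NOT skipped, see the header comment.
      source_ids           = try(length(rule.value["source_ids"]), 0) > 0 ? [for name in rule.value["source_ids"] : local.id_lookup[name] if name != null && name != ""] : null
      destination_ids      = try(length(rule.value["destination_ids"]), 0) > 0 ? [for name in rule.value["destination_ids"] : local.id_lookup[name] if name != null && name != ""] : null
      app_port_profile_ids = try(length(rule.value["app_port_profile_ids"]), 0) > 0 ? [for name in rule.value["app_port_profile_ids"] : local.id_lookup[name] if name != null && name != ""] : null
    }
  }

  lifecycle {
    # Every referenced name must resolve to a looked-up object; requires
    # Terraform >= 1.2, which required_version already pins.
    precondition {
      condition = alltrue(flatten([
        for r in var.rules : [
          for name in concat(
            try(length(r["source_ids"]), 0) > 0 ? r["source_ids"] : [],
            try(length(r["destination_ids"]), 0) > 0 ? r["destination_ids"] : [],
            try(length(r["app_port_profile_ids"]), 0) > 0 ? r["app_port_profile_ids"] : [],
          ) : contains(keys(local.id_lookup), name) if name != null && name != ""
        ]
      ]))
      error_message = "Every name in rules[*].source_ids, destination_ids and app_port_profile_ids must match an app port profile, security group, dynamic security group or IP set declared in app_port_profiles, security_group_names, dynamic_security_group_names or ip_set_names."
    }
  }
}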