From 2701a536936e644b986d4a4a2f9d730c2542a5e2 Mon Sep 17 00:00:00 2001
From: mohamad mokhtar mokhtarzadeh tabrizi
Date: Wed, 21 Aug 2024 01:20:46 +0330
Subject: [PATCH 1/2] Add security group module into project
---
 .../modules/security_group/README.md | 39 ++++++
 .../modules/security_group/main.tf | 31 +++++
 .../modules/security_group/outputs.tf | 0
 .../modules/security_group/variables.tf | 121 ++++++++++++++++++
 .../modules/security_group/versions.tf | 8 ++
 5 files changed, 199 insertions(+)
 create mode 100644 part20-arvancloud-abrak/modules/security_group/README.md
 create mode 100644 part20-arvancloud-abrak/modules/security_group/main.tf
 create mode 100644 part20-arvancloud-abrak/modules/security_group/outputs.tf
 create mode 100644 part20-arvancloud-abrak/modules/security_group/variables.tf
 create mode 100644 part20-arvancloud-abrak/modules/security_group/versions.tf
diff --git a/part20-arvancloud-abrak/modules/security_group/README.md b/part20-arvancloud-abrak/modules/security_group/README.md
new file mode 100644
index 0000000..48ab5b2
--- /dev/null
+++ b/part20-arvancloud-abrak/modules/security_group/README.md
@@ -0,0 +1,39 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [arvan](#requirement\_arvan) | >=0.6.4 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [arvan](#provider\_arvan) | >=0.6.4 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [arvan_iaas_abrak_assign_security_group.security_group_to_abrak](https://registry.terraform.io/providers/arvancloud/arvan/latest/docs/resources/iaas_abrak_assign_security_group) | resource |
+| [arvan_iaas_abrak_remove_security_group.security_group_to_abrak](https://registry.terraform.io/providers/arvancloud/arvan/latest/docs/resources/iaas_abrak_remove_security_group) | resource |
+| [arvan_iaas_security_group.security_group](https://registry.terraform.io/providers/arvancloud/arvan/latest/docs/resources/iaas_security_group) | resource |
+| [arvan_iaas_security_group_rule.security_group_rule](https://registry.terraform.io/providers/arvancloud/arvan/latest/docs/resources/iaas_security_group_rule) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [abrak\_uuid](#input\_abrak\_uuid) | Abrak UUID to attach to security group | `string` | `""` | no |
+| [attach\_to\_abrak](#input\_attach\_to\_abrak) | Disable this vairable when you want to dettach from abrak | `bool` | `true` | no |
+| [description](#input\_description) | Description for security gorup | `string` | `"Created from Terrafrom"` | no |
+| [region](#input\_region) | Arvancloud region name. | `string` | n/a | yes |
+| [security\_group\_rules](#input\_security\_group\_rules) | n/a |
list(object({
description = string
direction = string
protocol = string
port_from = string
port_to = string
ips = list(string)
}))
|
[
{
"description": "Default description from terraform",
"direction": "ingress",
"ips": [],
"port_from": "0",
"port_to": "1024",
"protocol": "tcp"
}
]
| no |
+| [sg\_name](#input\_sg\_name) | Security group name in Arvancloud web console | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
diff --git a/part20-arvancloud-abrak/modules/security_group/main.tf b/part20-arvancloud-abrak/modules/security_group/main.tf
new file mode 100644
index 0000000..9cede0d
--- /dev/null
+++ b/part20-arvancloud-abrak/modules/security_group/main.tf
@@ -0,0 +1,31 @@
+resource "arvan_iaas_security_group" "security_group" {
+ name = var.sg_name
+ region = var.region
+ description = var.description
+}
+
+resource "arvan_iaas_security_group_rule" "security_group_rule" {
+ security_group_uuid = arvan_iaas_security_group.security_group.id
+ region = var.region
+ for_each = { for id, description in var.security_group_rules : id => description }
+ description = each.value.description
+ direction = each.value.direction
+ protocol = each.value.protocol
+ port_from = each.value.port_from
+ port_to = each.value.port_to
+ ips = each.value.ips
+}
+
+resource "arvan_iaas_abrak_assign_security_group" "security_group_to_abrak" {
+ count = var.attach_to_abrak ? 1 : 0
+ region = var.region
+ security_group_uuid = arvan_iaas_security_group.security_group.id
+ abrak_uuid = var.abrak_uuid
+}
+
+resource "arvan_iaas_abrak_remove_security_group" "security_group_to_abrak" {
+ count = var.attach_to_abrak ? 0 : 1
+ region = var.region
+ security_group_uuid = arvan_iaas_security_group.security_group.id
+ abrak_uuid = var.abrak_uuid
+}
\ No newline at end of file
diff --git a/part20-arvancloud-abrak/modules/security_group/outputs.tf b/part20-arvancloud-abrak/modules/security_group/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/part20-arvancloud-abrak/modules/security_group/variables.tf b/part20-arvancloud-abrak/modules/security_group/variables.tf
new file mode 100644
index 0000000..1daed36
--- /dev/null
+++ b/part20-arvancloud-abrak/modules/security_group/variables.tf
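Review bot: The `for_each` on `arvan_iaas_security_group_rule` keys each rule by its list index, so inserting, removing or reordering an entry in `security_group_rules` re-keys every later rule and Terraform destroys and recreates those instances (destroy first, unless `create_before_destroy` is set), leaving the group without them for the length of the apply. Keying by the rule's own fields, `for_each = { for rule in var.security_group_rules : "${rule.direction}-${rule.protocol}-${rule.port_from}-${rule.port_to}" => rule }`, ties identity to content instead, provided no two rules share that tuple; the current loop names its value `description` although it is the whole rule object, which the rename also fixes. Separately, `arvan_iaas_abrak_remove_security_group` is instantiated whenever `attach_to_abrak` is false, including for a caller who leaves `abrak_uuid` at its default `""`, so a standalone group triggers a removal call with an empty UUID; `count = (!var.attach_to_abrak && var.abrak_uuid != "") ? 1 : 0` limits that path to callers that actually named an abrak.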
@@ -0,0 +1,121 @@
+variable "region" {
+ description = "Arvancloud region name."
+ type = string
+ validation {
+ condition = contains(
+ [
+ "ir-thr-c2", # Forogh
+ "ir-tbz-dc1", # Shahriar
+ "ir-thr-w1", # Bamdad
+ "ir-thr-c1" # Simin
+ ],
+ var.region
+ )
+ error_message = <<-EOF
+ "
+ Specify valid region name. Using the following available regions.
+ Forogh ==> ir-thr-c2
+ Shahriar ==> ir-tbz-dc1
+ Bamdad ==> ir-thr-w1
+ Simin ==> ir-thr-c1
+ "
+ EOF
+ }
+}
+
+
+variable "sg_name" {
+ description = "Security group name in Arvancloud web console"
+ type = string
+}
+
+variable "description" {
+ description = "Description for security gorup"
+ type = string
+ default = "Created from Terrafrom"
+}
+
+variable "security_group_rules" {
+ type = list(object({
+ description = string
+ direction = string
+ protocol = string
+ port_from = string
+ port_to = string
+ ips = list(string)
+ }))
+ default = [
+ {
+ description = "Default description from terraform"
+ direction = "ingress"
+ protocol = "tcp"
+ port_from = "0"
+ port_to = "1024"
+ ips = []
+ }
+ ]
+ validation {
+ # Validation for protocol
+ condition = alltrue([
+ for rule in var.security_group_rules : contains(
+ [
+ "tcp",
+ "udp"
+ ],
+ rule.protocol
+ )
+ ])
+ error_message = <<-EOF
+ "
+ Specify valid protocol name. Using the following available protocols.
+ tcp or udp
+ "
+ EOF
+ }
+
+ validation {
+ # Validation for direction
+ condition = alltrue([
+ for rule in var.security_group_rules : contains(
+ [
+ "ingress",
+ "egress"
+ ],
+ rule.direction
+ )
+ ])
+ error_message = <<-EOF
+ "
+ Specify valid direction. 
Use one of the following:
+ ingress or egress
+ "
+ EOF
+ }
+
+ validation {
+ # Validation for port_from and port_to
+ condition = alltrue([
+ for rule in var.security_group_rules : (
+ tonumber(rule.port_from) >= 0 && tonumber(rule.port_from) <= 65535 &&
+ tonumber(rule.port_to) >= 0 && tonumber(rule.port_to) <= 65535
+ )
+ ])
+ error_message = <<-EOF
+ "
+ Port values must be between 0 and 65535 for both port_from and port_to.
+ "
+ EOF
+ }
+}
+
+variable "abrak_uuid" {
+ description = "Abrak UUID to attach to security group"
+ type = string
+ default = ""
+}
+
+variable "attach_to_abrak" {
+ description = "Disable this vairable when you want to dettach from abrak"
+ type = bool
+ default = true
+}
\ No newline at end of file
diff --git a/part20-arvancloud-abrak/modules/security_group/versions.tf b/part20-arvancloud-abrak/modules/security_group/versions.tf
new file mode 100644
index 0000000..7eb80a0
--- /dev/null
+++ b/part20-arvancloud-abrak/modules/security_group/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ arvan = {
+ source = "arvancloud/arvan"
+ version = ">=0.6.4"
+ }
+ }
+}
\ No newline at end of file
From 615229979db71ded5d3a7b7ed0d55a40edc31261 Mon Sep 17 00:00:00 2001
From: mohamad mokhtar mokhtarzadeh tabrizi
Date: Wed, 21 Aug 2024 01:21:22 +0330
Subject: [PATCH 2/2] Using security module in main project
---
 part20-arvancloud-abrak/main.tf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/part20-arvancloud-abrak/main.tf b/part20-arvancloud-abrak/main.tf
index 4058f31..50d9e58 100644
--- a/part20-arvancloud-abrak/main.tf
+++ b/part20-arvancloud-abrak/main.tf
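Review bot: The default for `security_group_rules` is itself a broad allow rule — ingress tcp ports 0–1024 with `ips = []` — so a caller who omits the variable gets it created, and what an empty `ips` list means to the provider (no sources, or any source) is not stated anywhere in the module. `default = []` is the safer default for a security-group module, making every opened port an explicit choice by the caller; the `for_each` in main.tf and all three `alltrue([...])` validations accept an empty list unchanged. The port validation calls `tonumber()` directly on caller input, so a non-numeric string aborts with an evaluation error instead of the intended message, and nothing checks that `port_from` does not exceed `port_to`; `try(tonumber(rule.port_from), -1)` in place of each bare `tonumber()` call, plus a `port_from <= port_to` comparison on the same wrapped values, covers both under the existing error message. `ips` is not validated at all, so a fourth `validation` with `alltrue(flatten([for rule in var.security_group_rules : [for ip in rule.ips : can(cidrhost(ip, 0))]]))` would reject malformed CIDRs at plan time, and the bare `"` lines inside each heredoc print as literal quotes in the error output and can be dropped.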
@@ -19,4 +19,31 @@ module "abrak" {
 name = "debian/11"
 }
 abrak_disk_size = 25
+}
+
+module "security_group" {
+ source = "./modules/security_group"
+ sg_name = "sg-http-access"
+ region = var.region
+ description = "Using from devopshobies"
+ attach_to_abrak = false
+ abrak_uuid = module.abrak.id
+ security_group_rules = [
+ {
+ description = "Open http port"
+ direction = "ingress"
+ protocol = "tcp"
+ port_from = "80"
+ port_to = "80"
+ ips = ["0.0.0.0/0"]
+ },
+ {
+ description = "Open https port"
+ direction = "ingress"
+ protocol = "tcp"
+ port_from = "443"
+ port_to = "443"
+ ips = ["0.0.0.0/0"]
+ }
+ ]
 }
\ No newline at end of file
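Review bot: `attach_to_abrak = false` selects the module's removal path (`count = var.attach_to_abrak ? 0 : 1` on `arvan_iaas_abrak_remove_security_group`), so this apply creates `sg-http-access` with its two rules but never assigns it to `module.abrak.id`, and the first run issues a remove for a group the abrak was never given; if the instance is meant to sit behind this group, `attach_to_abrak = true` is the value that does it. Both rules expose 80 and 443 to `0.0.0.0/0`, the usual shape for a public web front end, but a short comment above the list, `# public HTTP/HTTPS only; widen ips deliberately`, records that this is intended rather than a placeholder. Whether anything else on the instance is reachable depends on the provider's default policy for a new group, which this change does not show. The enclosing `module "abrak"` block opens above the hunk.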