
Commit 93d09e7

committed
Allow source_security_group_ids in security-group module
1 parent 1f6d6ad commit 93d09e7


1 file changed

+98
-67
lines changed


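--- a/modules/security-group/main.tf
+++ b/modules/security-group/main.tf
@@ -1,5 +1,5 @@
 resource "aws_security_group" "this" {
-vpc_id = var.vpc_id
+vpc_id = var.vpc_id
 
 name = var.name
 name_prefix = var.name_prefix
@@ -21,86 +21,117 @@ resource "aws_security_group" "this" {
 ###################################################
 
 locals {
+flattened_ingress_rules = concat(
+[
+for rule in var.ingress_rules :
+rule
+if length(lookup(rule, "source_security_group_ids", [])) < 1
+],
+flatten([
+for rule in var.ingress_rules : [
+for source_security_group_id in rule.source_security_group_ids :
+merge(rule, {
+source_security_group_id = source_security_group_id
+})
+] if length(lookup(rule, "source_security_group_ids", [])) > 0
+])
+)
+flattened_egress_rules = concat(
+[
+for rule in var.egress_rules :
+rule
+if length(lookup(rule, "source_security_group_ids", [])) < 1
+],
+flatten([
+for rule in var.egress_rules : [
+for source_security_group_id in rule.source_security_group_ids :
+merge(rule, {
+source_security_group_id = source_security_group_id
+})
+] if length(lookup(rule, "source_security_group_ids", [])) > 0
+])
+)
+
 normalized_ingress_rules = [
-for rule in var.ingress_rules:
-{
-description = lookup(rule, "description", "Managed by Terraform"),
-
-protocol = rule.protocol,
-from_port = rule.from_port,
-to_port = rule.to_port,
-
-cidr_blocks = lookup(rule, "cidr_blocks", null) != null ? sort(compact(rule.cidr_blocks)) : null,
-ipv6_cidr_blocks = lookup(rule, "ipv6_cidr_blocks", null) != null ? sort(compact(rule.ipv6_cidr_blocks)) : null,
-prefix_list_ids = lookup(rule, "prefix_list_ids", null) != null ? sort(compact(rule.prefix_list_ids)) : null,
-source_security_group_id = lookup(rule, "source_security_group_id", null),
-self = lookup(rule, "self", null) != null ? true : null,
-}
+for rule in local.flattened_ingress_rules : {
+description = lookup(rule, "description", "Managed by Terraform")
+
+protocol = rule.protocol
+from_port = rule.from_port
+to_port = rule.to_port
+
+cidr_blocks = lookup(rule, "cidr_blocks", null) != null ? sort(compact(rule.cidr_blocks)) : null
+ipv6_cidr_blocks = lookup(rule, "ipv6_cidr_blocks", null) != null ? sort(compact(rule.ipv6_cidr_blocks)) : null
+prefix_list_ids = lookup(rule, "prefix_list_ids", null) != null ? sort(compact(rule.prefix_list_ids)) : null
+source_security_group_id = lookup(rule, "source_security_group_id", null)
+self = lookup(rule, "self", null) != null ? true : null
+}
 ]
 normalized_egress_rules = [
-for rule in var.egress_rules:
-{
-description = lookup(rule, "description", "Managed by Terraform"),
-
-protocol = rule.protocol,
-from_port = rule.from_port,
-to_port = rule.to_port,
-
-cidr_blocks = lookup(rule, "cidr_blocks", null) != null ? sort(compact(rule.cidr_blocks)) : null,
-ipv6_cidr_blocks = lookup(rule, "ipv6_cidr_blocks", null) != null ? sort(compact(rule.ipv6_cidr_blocks)) : null,
-prefix_list_ids = lookup(rule, "prefix_list_ids", null) != null ? sort(compact(rule.prefix_list_ids)) : null,
-source_security_group_id = lookup(rule, "source_security_group_id", null),
-self = lookup(rule, "self", null) != null ? true : null,
-}
+for rule in local.flattened_egress_rules : {
+description = lookup(rule, "description", "Managed by Terraform")
+
+protocol = rule.protocol
+from_port = rule.from_port
+to_port = rule.to_port
+
+cidr_blocks = lookup(rule, "cidr_blocks", null) != null ? sort(compact(rule.cidr_blocks)) : null
+ipv6_cidr_blocks = lookup(rule, "ipv6_cidr_blocks", null) != null ? sort(compact(rule.ipv6_cidr_blocks)) : null
+prefix_list_ids = lookup(rule, "prefix_list_ids", null) != null ? sort(compact(rule.prefix_list_ids)) : null
+source_security_group_id = lookup(rule, "source_security_group_id", null)
+self = lookup(rule, "self", null) != null ? true : null
+}
 ]
 
 # Filter if empty
 compacted_ingress_rules = [
-for rule in local.normalized_ingress_rules:
-rule if length(compact(flatten([
-rule.cidr_blocks,
-rule.ipv6_cidr_blocks,
-rule.prefix_list_ids,
-rule.source_security_group_id,
-rule.self != null ? "self" : null,
-]))) > 0
+for rule in local.normalized_ingress_rules :
+rule
+if length(compact(flatten([
+rule.cidr_blocks,
+rule.ipv6_cidr_blocks,
+rule.prefix_list_ids,
+rule.source_security_group_id,
+rule.self != null ? "self" : null,
+]))) > 0
 ]
 compacted_egress_rules = [
-for rule in local.normalized_egress_rules:
-rule if length(compact(flatten([
-rule.cidr_blocks,
-rule.ipv6_cidr_blocks,
-rule.prefix_list_ids,
-rule.source_security_group_id,
-rule.self != null ? "self" : null,
-]))) > 0
+for rule in local.normalized_egress_rules :
+rule
+if length(compact(flatten([
+rule.cidr_blocks,
+rule.ipv6_cidr_blocks,
+rule.prefix_list_ids,
+rule.source_security_group_id,
+rule.self != null ? "self" : null,
+]))) > 0
 ]
 
 ingress_rules = {
-for rule in local.compacted_ingress_rules:
-join("_", compact(flatten([
-rule.protocol,
-rule.from_port,
-rule.to_port,
-rule.cidr_blocks,
-rule.ipv6_cidr_blocks,
-rule.prefix_list_ids,
-rule.source_security_group_id,
-rule.self != null ? "self" : null,
-]))) => rule
+for rule in local.compacted_ingress_rules :
+join("_", compact(flatten([
+rule.protocol,
+rule.from_port,
+rule.to_port,
+rule.cidr_blocks,
+rule.ipv6_cidr_blocks,
+rule.prefix_list_ids,
+rule.source_security_group_id,
+rule.self != null ? "self" : null,
+]))) => rule
 }
 egress_rules = {
-for rule in local.compacted_egress_rules:
-join("_", compact(flatten([
-rule.protocol,
-rule.from_port,
-rule.to_port,
-rule.cidr_blocks,
-rule.ipv6_cidr_blocks,
-rule.prefix_list_ids,
-rule.source_security_group_id,
-rule.self != null ? "self" : null,
-]))) => rule
+for rule in local.compacted_egress_rules :
+join("_", compact(flatten([
+rule.protocol,
+rule.from_port,
+rule.to_port,
+rule.cidr_blocks,
+rule.ipv6_cidr_blocks,
+rule.prefix_list_ids,
+rule.source_security_group_id,
+rule.self != null ? "self" : null,
+]))) => rule
 }
 }
 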
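Review bot: In the new `flattened_ingress_rules` / `flattened_egress_rules` locals, `merge(rule, { source_security_group_id = source_security_group_id })` silently overwrites any singular `source_security_group_id` the caller also set on the same rule (the normalized step still reads that key), so an explicitly configured peer security group is dropped from the rendered rule set with no plan-time signal. As I read the later `ingress_rules`/`egress_rules` maps, listing the same ID twice in `source_security_group_ids` would also yield two identical map keys and a duplicate-key error rather than a de-duplicated rule. The merge further copies every other attribute onto each expanded copy, so a rule that combines `source_security_group_ids` with `cidr_blocks` becomes N rules each carrying both; the module does not reject that, and the resource consuming these maps is outside this hunk, so whether the provider accepts the combination cannot be confirmed here. A one-line fix for the first two points is to fold the singular ID into the iterated list and de-duplicate it: `for source_security_group_id in distinct(concat(lookup(rule, "source_security_group_id", null) == null ? [] : [rule.source_security_group_id], rule.source_security_group_ids)) :`. A comment above the new locals stating the contract would help future readers, e.g. `# Expand each rule that carries source_security_group_ids into one rule per ID; rules without the list pass through unchanged.`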
