From 3a41f0d302c68cbe9e180a7b0d4947255af365fa Mon Sep 17 00:00:00 2001
From: Maximilian Schlenz
Date: Fri, 4 Jul 2025 14:57:27 +0200
Subject: [PATCH] add module for security-group and security-group-rule
---
security-group-rule/main.tf | 19 ++++++++++++++++
security-group-rule/output.tf | 3 +++
security-group-rule/providers.tf | 9 ++++++++
security-group-rule/variables.tf | 39 ++++++++++++++++++++++++++++++++
security-group/main.tf | 5 ++++
security-group/output.tf | 7 ++++++
security-group/providers.tf | 9 ++++++++
security-group/variables.tf | 12 ++++++++++
8 files changed, 103 insertions(+)
create mode 100644 security-group-rule/main.tf
create mode 100644 security-group-rule/output.tf
create mode 100644 security-group-rule/providers.tf
create mode 100644 security-group-rule/variables.tf
create mode 100644 security-group/main.tf
create mode 100644 security-group/output.tf
create mode 100644 security-group/providers.tf
create mode 100644 security-group/variables.tf
diff --git a/security-group-rule/main.tf b/security-group-rule/main.tf
new file mode 100644
index 0000000..b7abf70
--- /dev/null
+++ b/security-group-rule/main.tf
@@ -0,0 +1,19 @@
+locals {
+ rule_count = length(var.rules)
+}
+
+resource "stackit_security_group_rule" "this" {
+ count = local.rule_count
+
+ project_id = var.project_id
+ security_group_id = var.security_group_id
+
+ direction = var.rules[count.index].direction
+ description = var.rules[count.index].description
+ ether_type = var.rules[count.index].ether_type
+ icmp_parameters = var.rules[count.index].icmp_parameters
+ ip_range = var.rules[count.index].ip_range
+ port_range = var.rules[count.index].port_range
+ protocol = var.rules[count.index].protocol
+ remote_security_group_id = var.rules[count.index].remote_security_group_id
+}
diff --git a/security-group-rule/output.tf b/security-group-rule/output.tf
new file mode 100644
index 0000000..d36affc
--- /dev/null
+++ b/security-group-rule/output.tf
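Review bot: In security-group-rule/main.tf the rules are created with `count = local.rule_count`, so each rule is addressed by its position in `var.rules`; inserting or removing an entry in the middle of the list shifts every later index and Terraform then plans changes for all of those rules. If the provider replaces a rule when its attributes change (likely for firewall rules, but not visible here), the group can briefly be missing rules it is meant to have. Keying on a stable identifier avoids this, for example by making `rules` a `map(object({...}))` and using `for_each = var.rules` with `each.value.direction` and so on; the output in output.tf would then become `values(stackit_security_group_rule.this)[*].id`. The `rule_count` local is used only once and could be inlined.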
@@ -0,0 +1,3 @@
+output "rule_ids" {
+ value = stackit_security_group_rule.this[*].id
+}
diff --git a/security-group-rule/providers.tf b/security-group-rule/providers.tf
new file mode 100644
index 0000000..6e038c3
--- /dev/null
+++ b/security-group-rule/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
diff --git a/security-group-rule/variables.tf b/security-group-rule/variables.tf
new file mode 100644
index 0000000..04221b5
--- /dev/null
+++ b/security-group-rule/variables.tf
@@ -0,0 +1,39 @@
+variable "project_id" {
+ type = string
+}
+
+variable "security_group_id" {
+ type = string
+}
+
+variable "rules" {
+ type = list(object({
+ direction = string
+ description = optional(string)
+ ether_type = optional(string)
+ icmp_parameters = optional(object({
+ type = optional(number)
+ code = optional(number)
+ }))
+ ip_range = optional(string)
+ port_range = optional(object({
+ min = number
+ max = number
+ }))
+ protocol = optional(object({
+ name = optional(string)
+ number = optional(number)
+ }))
+ remote_security_group_id = optional(string)
+ }))
+ default = []
+
+ validation {
+ condition = alltrue([
+ for rule in var.rules : contains(["ingress", "egress"], rule.direction)
+ # ... need more validations
+ ])
+ error_message = "Direction must be either \"ingress\" or \"egress\"."
+ }
+}
+
diff --git a/security-group/main.tf b/security-group/main.tf
new file mode 100644
index 0000000..a0e124c
--- /dev/null
+++ b/security-group/main.tf
@@ -0,0 +1,5 @@
+resource "stackit_security_group" "this" {
+ project_id = var.project_id
+ name = var.name
+ description = var.description == null ? var.name : var.description
+}
diff --git a/security-group/output.tf b/security-group/output.tf
new file mode 100644
index 0000000..b2d7334
--- /dev/null
+++ b/security-group/output.tf
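Review bot: In security-group-rule/providers.tf (and identically in security-group/providers.tf) the provider is pinned to one exact release with `version = "0.56.0"` inside a reusable module. An exact pin in a child module forces every root module that calls it onto that release, and two modules with different pins cannot be combined. The usual split is a minimum or bounded constraint in the module, such as `version = ">= 0.56.0, < 1.0.0"`, with the exact version and provider hashes fixed by the root module's `.terraform.lock.hcl`.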
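Review bot: In security-group-rule/variables.tf only `direction` is validated, and the `# ... need more validations` placeholder leaves `ip_range` and `port_range` unchecked, so a mistyped CIDR or a swapped min/max is caught by the API at apply time at best. For a firewall module the checks worth making at plan time are that `ip_range` parses as a CIDR and that `port_range` is ordered and within 0–65535. The checks below use a conditional rather than `||` because `||` is not guaranteed to short-circuit on every Terraform version that `required_version` allows. It would also help to state in the variable's `description` what a rule with neither `ip_range` nor `remote_security_group_id` matches, since that presumably means any source and should be a deliberate choice.

```hcl
variable "rules" {
  # … unchanged: type, default and the direction validation …

  validation {
    condition = alltrue([
      for rule in var.rules : rule.ip_range == null ? true : can(cidrhost(rule.ip_range, 0))
    ])
    error_message = "Each ip_range must be a valid CIDR block, e.g. \"10.0.0.0/24\"."
  }

  validation {
    condition = alltrue([
      for rule in var.rules : rule.port_range == null ? true : (
        rule.port_range.min >= 0 &&
        rule.port_range.max <= 65535 &&
        rule.port_range.min <= rule.port_range.max
      )
    ])
    error_message = "Each port_range must satisfy 0 <= min <= max <= 65535."
  }
}
```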
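Review bot: In security-group/main.tf the fallback `var.description == null ? var.name : var.description` only handles null, so a caller passing `description = ""` gets an empty description rather than the group name. `description = coalesce(var.description, var.name)` is shorter and, because `coalesce` skips empty strings as well as null, covers that case too. Keep the conditional only if an explicitly empty description is meant to be allowed.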
@@ -0,0 +1,7 @@
+output "id" {
+ value = stackit_security_group.this.security_group_id
+}
+
+output "name" {
+ value = stackit_security_group.this.name
+}
\ No newline at end of file
diff --git a/security-group/providers.tf b/security-group/providers.tf
new file mode 100644
index 0000000..6e038c3
--- /dev/null
+++ b/security-group/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
diff --git a/security-group/variables.tf b/security-group/variables.tf
new file mode 100644
index 0000000..9d74987
--- /dev/null
+++ b/security-group/variables.tf
@@ -0,0 +1,12 @@
+variable "project_id" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "description" {
+ type = string
+ default = null
+}
\ No newline at end of file
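Review bot: None of the variables in security-group/variables.tf carries a `description`, and the same holds for security-group-rule/variables.tf and for the outputs in both modules, so generated module documentation will have nothing to show for any input or output. One line per block is enough, for example `description = "ID of the STACKIT project that owns the security group."` on `project_id` and `description = "Free-text description; defaults to the group name when null."` on `description`. Both output.tf and variables.tf in this module also end without a trailing newline.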