add logic for nic, nic w. custom ipv4, creation of and attachement of sec grps to nic

2025-07-15 15:42:38 +02:00 · 2025-07-15 15:42:38 +02:00 · 7345619f23
commit 7345619f23
parent bb841ad2a3
13 changed files with 270 additions and 107 deletions
--- a/network/main.tf
+++ b/network/main.tf
@ -1,31 +1,41 @@
 resource "stackit_network" "this" {
-  project_id = var.project_id
-  name       = var.name
+  project_id         = var.project_id
+  name               = var.name
+  labels             = var.labels

-  ipv4_gateway       = var.routed == false ? var.ipv4_gateway : null
+  # IPv4 settings
+  ipv4_gateway       = var.ipv4_gateway
  ipv4_nameservers   = var.ipv4_nameservers
  ipv4_prefix        = var.ipv4_prefix
  ipv4_prefix_length = var.ipv4_prefix_length
-  ipv6_gateway       = var.routed == false ? var.ipv6_gateway : null
+
+  # IPv6 settings
+  ipv6_gateway       = var.ipv6_gateway
  ipv6_nameservers   = var.ipv6_nameservers
  ipv6_prefix        = var.ipv6_prefix
  ipv6_prefix_length = var.ipv6_prefix_length
-  labels             = var.labels
-  no_ipv4_gateway    = var.no_ipv4_gateway
-  no_ipv6_gateway    = var.no_ipv6_gateway
-  routed             = var.routed
+
+  no_ipv4_gateway  = var.no_ipv4_gateway
+  no_ipv6_gateway  = var.no_ipv6_gateway
+  routed           = var.routed
 }

-resource "stackit_network_interface" "static" {
-  count = var.nic_ipv4 == null ? 0 : 1
+resource "stackit_network_interface" "nics" {
+  for_each = var.nics != null ? var.nics : {}

-  network_id = stackit_network.this.network_id
  project_id = var.project_id
-
-  ipv4               = var.nic_ipv4
-  labels             = var.nic_labels
-  name               = var.nic_name != null ? var.nic_name : "${var.name}-nic"
-  security           = var.nic_security
-  security_group_ids = var.nic_security ? var.nic_security_group_ids : null
-  allowed_addresses  = var.nic_security ? var.nic_allowed_addresses : null
+  network_id = stackit_network.this.network_id
+  
+  name               = each.value.nic_name
+  ipv4               = each.value.nic_ipv4
+  allowed_addresses  = each.value.nic_allowed_addresses
+  labels             = each.value.nic_labels
+  security           = each.value.nic_security
+  security_group_ids = (
+    each.value.nic_security_group_ids != null ? each.value.nic_security_group_ids :
+    each.value.nic_security_group_names != null ? 
+    [for name in each.value.nic_security_group_names : var.security_group_ids_by_name[name]] 
+    : []
+  )
 }
+
--- a/network/output.tf
+++ b/network/output.tf
@ -0,0 +1,9 @@
+output "network_id" {
+  description = "Network ID"
+  value       = stackit_network.this.network_id
+}
+
+output "network_name" {
+  description = "Network name"
+  value       = stackit_network.this.name
+}
--- a/network/providers.tf
+++ b/network/providers.tf
@ -1,10 +1,9 @@
-
 terraform {
  required_version = ">= 1.9.0"
  required_providers {
    stackit = {
      source  = "stackitcloud/stackit"
-      version = "0.56.0"
+      version = "0.54.0"
    }
  }
 }
--- a/network/variables.tf
+++ b/network/variables.tf
@ -63,7 +63,7 @@ variable "no_ipv6_gateway" {

 variable "routed" {
  type    = bool
-  default = true
+  # default = true
 }

 variable "nic_allowed_addresses" {
@ -97,7 +97,20 @@ variable "nic_security_group_ids" {
  default = []
 }

-variable "nic_security_group_names" {
-  type    = list(string)
-  default = []
-}
+variable "nics" {
+  type = map(object({
+    nic_ipv4                 = optional(string)
+    nic_name                 = optional(string)
+    nic_allowed_addresses    = optional(list(string))
+    nic_labels               = optional(map(string))
+    nic_security             = optional(bool)
+    nic_security_group_ids   = optional(list(string))
+    nic_security_group_names = optional(list(string))
+  }))
+  default = {}
+}
+
+variable "security_group_ids_by_name" {
+  description = "Map of security-group names -> IDs"
+  type        = map(string)
+}