From bb841ad2a3ffe722cdd39da700f488de0508be3f Mon Sep 17 00:00:00 2001 From: Maximilian Schlenz Date: Tue, 15 Jul 2025 12:04:25 +0200 Subject: [PATCH] revert to old structure --- example/main.tf | 88 ++++++----- example/terraform.tfvars | 226 ++++++++++++++------------- example/variables.tf | 91 ++++++----- network/main.tf | 24 +-- network/variables.tf | 9 +- project/main.tf | 38 +---- project/output.tf | 4 + project/providers.tf | 9 ++ project/variables.tf | 27 +++- project_old/main.tf | 34 ++++ {project => project_old}/provider.tf | 0 {project => project_old}/sna.tf | 0 project_old/variables.tf | 10 ++ security-group/main.tf | 2 +- security-group/output.tf | 2 +- 15 files changed, 321 insertions(+), 243 deletions(-) create mode 100644 project/output.tf create mode 100644 project/providers.tf create mode 100644 project_old/main.tf rename {project => project_old}/provider.tf (100%) rename {project => project_old}/sna.tf (100%) create mode 100644 project_old/variables.tf diff --git a/example/main.tf b/example/main.tf index c43cdf9..2d6c014 100644 --- a/example/main.tf +++ b/example/main.tf 
@@ -1,66 +1,78 @@ +module "project" { + source = "../project" + + name = "project-1" + organization_id = var.organization_id + owner_email = "maximilian.schlenz@stackit.cloud" +} + module "security_groups" { source = "../security-group" for_each = var.security_groups - project_id = var.project_id + project_id = module.project.project_id name = each.value.name description = each.value.description rules = each.value.rules } -module "postgres" { - source = "../postgres" +# module "postgres" { +# source = "../postgres" - for_each = var.postgres_instances +# for_each = var.postgres_instances - project_id = var.project_id - name = each.value.name - ver = each.value.version - flavor = each.value.flavor - storage = each.value.storage - replicas = each.value.replicas - acl = each.value.acl - backup_schedule = each.value.backup_schedule - users = each.value.users - databases = each.value.databases -} +# project_id = module.project.project_id +# name = each.value.name +# ver = each.value.version +# flavor = each.value.flavor +# storage = each.value.storage +# replicas = each.value.replicas +# acl = each.value.acl +# backup_schedule = each.value.backup_schedule +# users = each.value.users +# databases = each.value.databases +# } module "net" { - source = "../network" + depends_on = [module.security_groups] + source = "../network" for_each = var.networks - project_id = var.project_id + project_id = module.project.project_id name = each.value.name ipv4_nameservers = each.value.ipv4_nameservers labels = each.value.labels - nic_ipv4 = each.value.nic_ipv4 - nic_name = each.value.nic_name - nic_allowed_addresses = each.value.nic_allowed_addresses - nic_labels = each.value.nic_labels - nic_security = each.value.nic_security - nic_security_group_ids = each.value.nic_security_group_ids + nic_ipv4 = each.value.nic_ipv4 + nic_name = each.value.nic_name + nic_allowed_addresses = each.value.nic_allowed_addresses + nic_labels = each.value.nic_labels + nic_security = each.value.nic_security 
+ + nic_security_group_ids = [ + module.security_groups["ssh_ingress_group"].security_group_id, + ] } -module "ske" { - source = "../ske" +# module "ske" { +# source = "../ske" - for_each = var.ske_clusters +# for_each = var.ske_clusters - project_id = var.project_id - name = each.value.name - kubernetes_version_min = each.value.kubernetes_version_min - node_pools = each.value.node_pools -} +# project_id = module.project.project_id +# name = each.value.name +# kubernetes_version_min = each.value.kubernetes_version_min +# node_pools = each.value.node_pools +# } -module "observability" { - source = "../observability" +# module "observability" { +# source = "../observability" - for_each = var.observability_instances - project_id = var.project_id - name = each.value.name - plan_name = each.value.plan_name -} +# for_each = var.observability_instances +# project_id = module.project.project_id +# name = each.value.name +# plan_name = each.value.plan_name +# } diff --git a/example/terraform.tfvars b/example/terraform.tfvars index c5ac554..ef8304b 100644 --- a/example/terraform.tfvars +++ b/example/terraform.tfvars @@ -1,6 +1,7 @@ -region = "eu01" -service_account_token = "" -# project_id = "b25685da-5954-4382-b654-62abd9f0ef77" +region = "eu01" +service_account_token = "" +project_id = "" +organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" service_account_key_path = "/Users/schlenz/sa-key-dd5fa2c9-1651-4da7-8404-9ac4fe9bc3d5.json" security_groups = { 
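Review bot: In `module "net"` the new `nic_security_group_ids` is a literal list built from `module.security_groups["ssh_ingress_group"]`, so every network created by `for_each = var.networks` gets that one group attached and the per-network `each.value.nic_security_group_ids` input is no longer honoured; the plan also fails as soon as `var.security_groups` lacks that exact key. Resolving the IDs per network keeps the attachment explicit, for example `nic_security_group_ids = [for k in each.value.nic_security_group_keys : module.security_groups[k].security_group_id]` (the attribute name is a suggestion, not something this diff defines). That reference already orders the two modules, so `depends_on = [module.security_groups]` can be dropped. The same hunk hard-codes `owner_email` to a personal address although the commit adds `var.owner_email` in example/variables.tf; `owner_email = var.owner_email` keeps the address out of the module call.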
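Review bot: The added `organization_id` line puts a real-looking organization UUID into a committed `terraform.tfvars`, next to a `service_account_key_path` whose value exposes a local user name and the service-account key ID in its file name. Example inputs are better shipped as a `terraform.tfvars.example` with placeholders such as `organization_id = "<ORGANIZATION_ID>"`, with the real `terraform.tfvars` listed in `.gitignore` and the values supplied locally or through `TF_VAR_organization_id`. The new `project_id = ""` line also looks unused now that example/main.tf reads `module.project.project_id`; if nothing else consumes it, drop the line and the variable.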
@@ -23,126 +24,129 @@ security_groups = { ] }, - web_traffic_group = { - name = "web-traffic-group" - description = "ALLOW WEB TRAFFIC ingress" - rules = [ - { description = "ALLOW ALL 80" - direction = "ingress" - ether_type = "IPv4" - ip_range = "0.0.0.0/0" - protocol = { - name = "tcp" - } - port_range = { - min = 80 - max = 80 - } - }, - { description = "ALLOW ALL 443" - direction = "ingress" - ether_type = "IPv4" - ip_range = "0.0.0.0/0" - protocol = { - name = "tcp" - } - port_range = { - min = 443 - max = 443 - } - }, - ] - }, + # web_traffic_group = { + # name = "web-traffic-group" + # description = "ALLOW WEB TRAFFIC ingress" + # rules = [ + # { description = "ALLOW ALL 80" + # direction = "ingress" + # ether_type = "IPv4" + # ip_range = "0.0.0.0/0" + # protocol = { + # name = "tcp" + # } + # port_range = { + # min = 80 + # max = 80 + # } + # }, + # { description = "ALLOW ALL 443" + # direction = "ingress" + # ether_type = "IPv4" + # ip_range = "0.0.0.0/0" + # protocol = { + # name = "tcp" + # } + # port_range = { + # min = 443 + # max = 443 + # } + # }, + # ] + # }, } -postgres_instances = { - dev = { - name = "pg-test-instance" - version = 17 - flavor = { - cpu = 2, - ram = 4 - } - storage = { - class = "premium-perf6-stackit", - size = 20 - } - replicas = 1 - acl = ["0.0.0.0/0"] - backup_schedule = "00 00 * * *" +# postgres_instances = { +# dev = { +# name = "pg-test-instance" +# version = 17 +# flavor = { +# cpu = 2, +# ram = 4 +# } +# storage = { +# class = "premium-perf6-stackit", +# size = 20 +# } +# replicas = 1 +# acl = ["0.0.0.0/0"] +# backup_schedule = "00 00 * * *" - users = [ - { username = "admin", - roles = ["login", "createdb"] - }, - { username = "testusr", - roles = ["login"] - } - ] +# users = [ +# { username = "admin", +# roles = ["login", "createdb"] +# }, +# { username = "testusr", +# roles = ["login"] +# } +# ] - databases = [ - { - name = "test_db", - owner = "admin" - } - ] - } -} +# databases = [ +# { +# name = "test_db", +# owner 
= "admin" +# } +# ] +# } +# } networks = { - web = { - name = "web-net" - ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] - labels = { - env = "prod" - } - } + # web = { + # name = "web-net" + # ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] + # labels = { + # env = "prod" + # } + # } db = { name = "db-net" - nic_ipv4 = "10.0.2.120" - nic_security = false + nic_ipv4 = "10.0.0.126" + nic_security = true + security_groups = { + + } } } -ske_clusters = { - dev = { - name = "dev-cluster" - kubernetes_version_min = "1.31" - node_pools = [ - { name = "default" - machine_type = "c2.1" - availability_zones = ["eu01-1", "eu01-2"] - volume_size = 40 - minimum = 1 - maximum = 3 - } - ] - } +# ske_clusters = { +# dev = { +# name = "dev-cluster" +# kubernetes_version_min = "1.31" +# node_pools = [ +# { name = "default" +# machine_type = "c2.1" +# availability_zones = ["eu01-1", "eu01-2"] +# volume_size = 40 +# minimum = 1 +# maximum = 3 +# } +# ] +# } - staging = { - name = "staging-cluster" - kubernetes_version_min = "1.31" - node_pools = [ - { name = "general" - machine_type = "c2.2" - availability_zones = ["eu03-1", "eu03-2"] - volume_size = 80 - minimum = 2 - maximum = 4 - } - ] - } -} +# staging = { +# name = "staging-cluster" +# kubernetes_version_min = "1.31" +# node_pools = [ +# { name = "general" +# machine_type = "c2.2" +# availability_zones = ["eu03-1", "eu03-2"] +# volume_size = 80 +# minimum = 2 +# maximum = 4 +# } +# ] +# } +# } -observability_instances = { - starter = { - name = "Observability-1" - plan_name = "Observability-Starter-EU01" - } +# observability_instances = { +# starter = { +# name = "Observability-1" +# plan_name = "Observability-Starter-EU01" +# } - prod = { - name = "Observability-2" - plan_name = "Observability-Large-EU01" - } -} +# prod = { +# name = "Observability-2" +# plan_name = "Observability-Large-EU01" +# } +# } diff --git a/example/variables.tf b/example/variables.tf index 4c9ea43..be98dee 100644 --- a/example/variables.tf 
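Review bot: The `db` network now sets `nic_security = true` together with an empty `security_groups = { }` map, but the part of the `networks` object type visible in example/variables.tf has no `security_groups` attribute, so Terraform would most likely discard the value during type conversion and the entry does nothing. The groups actually attached come from the hard-coded list in example/main.tf, which makes this file misleading about what protects the NIC. Either remove the empty map or add a matching optional attribute to the variable and use it in the module call. The commented-out `postgres_instances`, `ske_clusters` and `observability_instances` blocks (here and in example/main.tf and example/variables.tf) would be easier to review as deletions, since history keeps them and the commented `acl = ["0.0.0.0/0"]` and 0.0.0.0/0 web rules return unchanged if someone uncomments them.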
+++ b/example/variables.tf @@ -20,6 +20,17 @@ variable "service_account_key_path" { default = "" } +variable "organization_id" { + description = "Organization ID" + type = string +} + +variable "owner_email" { + description = "Email of the project owner" + type = string + default = null +} + variable "security_groups" { type = map(object({ name = optional(string) @@ -46,25 +57,25 @@ variable "security_groups" { })) } -variable "postgres_instances" { - type = map(object({ - name = string - version = number - flavor = object({ cpu = number, ram = number }) - storage = object({ class = string, size = number }) - replicas = number - acl = list(string) - backup_schedule = string - users = list(object({ - username = string - roles = set(string) - })) - databases = list(object({ - name = string - owner = string - })) - })) -} +# variable "postgres_instances" { +# type = map(object({ +# name = string +# version = number +# flavor = object({ cpu = number, ram = number }) +# storage = object({ class = string, size = number }) +# replicas = number +# acl = list(string) +# backup_schedule = string +# users = list(object({ +# username = string +# roles = set(string) +# })) +# databases = list(object({ +# name = string +# owner = string +# })) +# })) +# } variable "networks" { type = map(object({ @@ -74,7 +85,7 @@ variable "networks" { labels = optional(map(string)) nic_ipv4 = optional(string) - nic_name = optional(string) + nic_name = optional(string) nic_allowed_addresses = optional(list(string)) nic_labels = optional(map(string)) 
@@ -83,24 +94,24 @@ variable "networks" { })) } -variable "ske_clusters" { - type = map(object({ - name = string - kubernetes_version_min = string - node_pools = list(object({ - name = string - machine_type = string - availability_zones = list(string) - volume_size = number - minimum = number - maximum = number - })) - })) -} +# variable "ske_clusters" { +# type = map(object({ +# name = string +# kubernetes_version_min = string +# node_pools = list(object({ +# name = string +# machine_type = string +# availability_zones = list(string) +# volume_size = number +# minimum = number +# maximum = number +# })) +# })) +# } -variable "observability_instances" { - type = map(object({ - name = string - plan_name = string - })) -} +# variable "observability_instances" { +# type = map(object({ +# name = string +# plan_name = string +# })) +# } diff --git a/network/main.tf b/network/main.tf index 1eae91a..b010a34 100644 --- a/network/main.tf +++ b/network/main.tf 
@@ -2,18 +2,18 @@ resource "stackit_network" "this" { project_id = var.project_id name = var.name - ipv4_gateway = var.routed == false ? var.ipv4_gateway : null - ipv4_nameservers = var.ipv4_nameservers - ipv4_prefix = var.ipv4_prefix - ipv4_prefix_length = var.ipv4_prefix_length - ipv6_gateway = var.routed == false ? var.ipv6_gateway : null - ipv6_nameservers = var.ipv6_nameservers - ipv6_prefix = var.ipv6_prefix - ipv6_prefix_length = var.ipv6_prefix_length - labels = var.labels - no_ipv4_gateway = var.no_ipv4_gateway - no_ipv6_gateway = var.no_ipv6_gateway - routed = var.routed + ipv4_gateway = var.routed == false ? var.ipv4_gateway : null + ipv4_nameservers = var.ipv4_nameservers + ipv4_prefix = var.ipv4_prefix + ipv4_prefix_length = var.ipv4_prefix_length + ipv6_gateway = var.routed == false ? var.ipv6_gateway : null + ipv6_nameservers = var.ipv6_nameservers + ipv6_prefix = var.ipv6_prefix + ipv6_prefix_length = var.ipv6_prefix_length + labels = var.labels + no_ipv4_gateway = var.no_ipv4_gateway + no_ipv6_gateway = var.no_ipv6_gateway + routed = var.routed } resource "stackit_network_interface" "static" { diff --git a/network/variables.tf b/network/variables.tf index d41ef18..dd0dad5 100644 --- a/network/variables.tf +++ b/network/variables.tf @@ -87,8 +87,8 @@ variable "nic_name" { } variable "nic_security" { - type = bool - default = false + type = bool + default = false nullable = false } @@ -96,3 +96,8 @@ variable "nic_security_group_ids" { type = list(string) default = [] } + +variable "nic_security_group_names" { + type = list(string) + default = [] +} \ No newline at end of file diff --git a/project/main.tf b/project/main.tf index 58176f0..bc13502 100644 --- a/project/main.tf +++ b/project/main.tf 
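Review bot: `nic_security_group_names` in network/variables.tf is added without a `description` and, as far as this diff shows, nothing in network/main.tf reads it (the body of `stackit_network_interface.static` is outside the hunks). A caller who passes group names would therefore get a NIC with no groups attached and no error. If name-based lookup is not implemented yet, leave the variable out until it is; otherwise document it, e.g. `description = "Security group names to resolve and attach to the NIC, in addition to nic_security_group_ids"`, and reference it in the interface resource. The file also loses its trailing newline in this hunk.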
@@ -1,34 +1,6 @@
-variable "projects" {
- type = map(object({
- name = string
- owner_email = string
- }))
- default = {
- project1 = {
- name = "project-alpha"
- owner_email = "michael.sodan@stackit.cloud"
- }
- project2 = {
- name = "project-beta"
- owner_email = "michael.sodan@stackit.cloud"
- }
- }
+resource "stackit_resourcemanager_project" "this" {
+ parent_container_id = var.organization_id
+ name = var.name
+ labels = var.labels
+ owner_email = var.owner_email
 }
-
-resource "stackit_resourcemanager_project" "projects" {
- for_each = var.projects
- parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable
- name = each.value.name
- owner_email = each.value.owner_email
- # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war
-}
-
-output "project_info" {
- value = {
- for k, project in stackit_resourcemanager_project.projects : k => {
- project_id = project.project_id
- container_id = project.container_id
- }
- }
-}
-
diff --git a/project/output.tf b/project/output.tf
new file mode 100644
index 0000000..67fb6c5
--- /dev/null
+++ b/project/output.tf
@@ -0,0 +1,4 @@
+output "project_id" {
+ value = stackit_resourcemanager_project.this.id
+ description = "ID of the project"
+}
\ No newline at end of file
diff --git a/project/providers.tf b/project/providers.tf
new file mode 100644
index 0000000..6e038c3
--- /dev/null
+++ b/project/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
diff --git a/project/variables.tf b/project/variables.tf
index 6a8400f..ff96a41 100644
--- a/project/variables.tf
+++ b/project/variables.tf
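Review bot: The `project_id` output in project/output.tf returns `stackit_resourcemanager_project.this.id`, while the code this commit removes read `project.project_id` and `project.container_id` as separate attributes, and security-group/main.tf in the same commit had to move from `.id` to `.security_group_id`. If `id` is the provider's internal identifier rather than the project UUID (for this resource I believe it carries the container ID), every module that receives `module.project.project_id` will create its security groups and networks against the wrong identifier or fail at apply. `value = stackit_resourcemanager_project.this.project_id` matches the output name. A second output for `container_id` would keep what the removed `project_info` output provided.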
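Review bot: project/providers.tf pins the provider to exactly `version = "0.56.0"` inside a reusable child module, which makes `terraform init` fail as soon as the root or a sibling module asks for any other version. The usual split is a minimum constraint in the module, `version = ">= 0.56.0"`, and the exact pin in the root configuration together with a committed `.terraform.lock.hcl`, so the provider checksums are verified on every init. Whether the example root already pins the provider is not visible in this diff.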
@@ -1,10 +1,27 @@ variable "organization_id" { - description = "Empfängt die Container-ID der Organisation vom Root-Modul." - type = string + type = string } -variable "sna_net" { - description = "SNA Transfer Network" - type = string +variable "name" { + type = string } +variable "description" { + type = string + default = null +} + +variable "labels" { + type = map(string) + default = {} +} + +variable "project_id" { + type = string + default = null +} + +variable "owner_email" { + type = string + default = null +} diff --git a/project_old/main.tf b/project_old/main.tf new file mode 100644 index 0000000..58176f0 --- /dev/null +++ b/project_old/main.tf @@ -0,0 +1,34 @@ +variable "projects" { + type = map(object({ + name = string + owner_email = string + })) + default = { + project1 = { + name = "project-alpha" + owner_email = "michael.sodan@stackit.cloud" + } + project2 = { + name = "project-beta" + owner_email = "michael.sodan@stackit.cloud" + } + } +} + +resource "stackit_resourcemanager_project" "projects" { + for_each = var.projects + parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable + name = each.value.name + owner_email = each.value.owner_email + # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war +} + +output "project_info" { + value = { + for k, project in stackit_resourcemanager_project.projects : k => { + project_id = project.project_id + container_id = project.container_id + } + } +} + diff --git a/project/provider.tf b/project_old/provider.tf similarity index 100% rename from project/provider.tf rename to project_old/provider.tf diff --git a/project/sna.tf b/project_old/sna.tf similarity index 100% rename from project/sna.tf rename to project_old/sna.tf diff --git a/project_old/variables.tf b/project_old/variables.tf new file mode 100644 index 0000000..6a8400f --- /dev/null +++ b/project_old/variables.tf 
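Review bot: Two of the new inputs in project/variables.tf, `description` and `project_id`, are not referenced by the six-line project/main.tf in this commit, and every variable is left without a `description` (the old German text on `organization_id` was removed rather than translated). `owner_email` now defaults to `null` where the previous module required it; if the provider requires an owner when a project is created, that default only moves the failure from input validation to apply. Suggest dropping the unused variables, declaring `owner_email` without a `default`, and restoring descriptions such as `description = "Container ID of the parent organization or folder"`.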
@@ -0,0 +1,10 @@ +variable "organization_id" { + description = "Empfängt die Container-ID der Organisation vom Root-Modul." + type = string +} + +variable "sna_net" { + description = "SNA Transfer Network" + type = string +} + diff --git a/security-group/main.tf b/security-group/main.tf index 17a4dba..3098cf0 100644 --- a/security-group/main.tf +++ b/security-group/main.tf @@ -13,7 +13,7 @@ resource "stackit_security_group_rule" "rule" { direction = var.rules[count.index].direction project_id = var.project_id - security_group_id = stackit_security_group.this.id + security_group_id = stackit_security_group.this.security_group_id description = var.rules[count.index].description ether_type = var.rules[count.index].ether_type diff --git a/security-group/output.tf b/security-group/output.tf index bf320d2..b172314 100644 --- a/security-group/output.tf +++ b/security-group/output.tf @@ -5,4 +5,4 @@ output "security_group_id" { output "rule_ids" { value = stackit_security_group_rule.rule[*].id -} \ No newline at end of file +}