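locals {
  # Flatten the per-group rule lists into one list, tagging every rule with the
  # key of its owning security group and a "<sg_key>-<index>" identifier.
  sg_rule_list = flatten([
    for sg_key, sg in var.security_groups : [
      for idx, r in sg.rules : merge(r, {
        sg_key = sg_key
        uniq   = "${sg_key}-${idx}"
      })
    ]
  ])

  # Map form consumed by for_each on the rule resource.
  # NOTE(review): keys are derived from the rule's position in its list, so
  # inserting or removing a rule anywhere but the end re-keys every later rule
  # and Terraform will destroy/recreate them. During that apply the affected
  # rules are briefly absent; append new rules where possible.
  flattened_sg_rules = { for r in local.sg_rule_list : r.uniq => r }

  # Bare IDs of the security groups created by this module.
  # `security_group_id` is used rather than `id`: in the STACKIT provider `id`
  # is Terraform's internal composite identifier (it embeds the project ID),
  # which is not what security_group_ids on a network interface expects. This
  # matches the use of `network_id` (not `id`) for the network below.
  created_sg_ids = values(stackit_security_group.sg)[*].security_group_id

  # Module-created groups plus any caller-supplied, pre-existing group IDs.
  all_sg_ids = concat(
    local.created_sg_ids,
    var.nic_security_group_ids != null ? var.nic_security_group_ids : []
  )
}

# The network itself. Explicit gateways are only passed through when the
# network is not routed; for routed networks they are left null.
resource "stackit_network" "this" {
  project_id         = var.project_id
  name               = var.name
  ipv4_gateway       = var.routed == false ? var.ipv4_gateway : null
  ipv4_nameservers   = var.ipv4_nameservers
  ipv4_prefix        = var.ipv4_prefix
  ipv4_prefix_length = var.ipv4_prefix_length
  ipv6_gateway       = var.routed == false ? var.ipv6_gateway : null
  ipv6_nameservers   = var.ipv6_nameservers
  ipv6_prefix        = var.ipv6_prefix
  ipv6_prefix_length = var.ipv6_prefix_length
  labels             = var.labels
  no_ipv4_gateway    = var.no_ipv4_gateway
  no_ipv6_gateway    = var.no_ipv6_gateway
  routed             = var.routed
}

# One security group per entry in var.security_groups.
# These are created regardless of whether the static NIC below exists, so a
# group defined here is only enforced once something is attached to it.
resource "stackit_security_group" "sg" {
  for_each = var.security_groups

  project_id  = var.project_id
  name        = each.value.name
  description = each.value.description
  labels      = each.value.labels
  stateful    = each.value.stateful
}

# One rule resource per flattened rule, attached to its owning group.
# NOTE(review): ip_range and remote_security_group_id are passed through
# unchanged; a rule with both left null presumably matches any peer. Confirm
# against the provider docs and consider validating ingress rules in
# variables.tf so an overly broad rule has to be stated explicitly.
resource "stackit_security_group_rule" "rule" {
  for_each = local.flattened_sg_rules

  project_id = var.project_id
  # Bare group ID, not the provider's composite `id` (see local.created_sg_ids).
  security_group_id        = stackit_security_group.sg[each.value.sg_key].security_group_id
  direction                = each.value.direction
  description              = each.value.description
  ether_type               = each.value.ether_type
  ip_range                 = each.value.ip_range
  protocol                 = each.value.protocol
  port_range               = each.value.port_range
  remote_security_group_id = each.value.remote_security_group_id
}

# Optional network interface with a fixed IPv4 address; created only when
# var.nic_ipv4 is set. The name falls back to "<network name>-nic".
resource "stackit_network_interface" "static" {
  count = var.nic_ipv4 == null ? 0 : 1

  network_id = stackit_network.this.network_id
  project_id = var.project_id
  ipv4       = var.nic_ipv4
  labels     = var.nic_labels
  name       = var.nic_name != null ? var.nic_name : "${var.name}-nic"
  security   = var.nic_security

  # With nic_security = false both attributes are nulled, so none of the
  # security groups above (nor any caller-supplied ones) are attached to this
  # interface and its traffic is not filtered by them. Treat disabling it as a
  # deliberate exception rather than a default.
  security_group_ids = var.nic_security ? local.all_sg_ids : null
  allowed_addresses  = var.nic_security ? var.nic_allowed_addresses : null
}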