65 lines
1.7 KiB
HCL
65 lines
1.7 KiB
HCL
variable "project_id" {
|
|
description = "STACKIT project ID"
|
|
type = string
|
|
}
|
|
|
|
variable "name" {
|
|
description = "Security group name"
|
|
type = string
|
|
}
|
|
|
|
variable "description" {
|
|
description = "Security group description"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
# rule schema
|
|
variable "rules" {
|
|
description = "List of security group rules"
|
|
type = list(object({
|
|
direction = string # ingress | egress
|
|
description = optional(string)
|
|
ether_type = optional(string) # IPv4 | IPv6
|
|
icmp_parameters = optional(object({
|
|
type = optional(number)
|
|
code = optional(number)
|
|
}))
|
|
ip_range = optional(string) # CIDR
|
|
port_range = optional(object({
|
|
min = number
|
|
max = number
|
|
}))
|
|
protocol = optional(object({
|
|
name = optional(string) # tcp | udp | icmp
|
|
number = optional(number) # OR protocol number
|
|
}))
|
|
remote_security_group_id = optional(string)
|
|
}))
|
|
|
|
validation {
|
|
condition = alltrue([
|
|
for r in var.rules : contains(["ingress", "egress"], lower(r.direction))
|
|
])
|
|
error_message = "Each rule.direction must be 'ingress' or 'egress'."
|
|
}
|
|
|
|
validation {
|
|
condition = alltrue([
|
|
for r in var.rules :
|
|
r.ether_type == null ? true : contains(["IPv4", "IPv6"], r.ether_type)
|
|
])
|
|
error_message = "Each rule.ether_type must be 'IPv4' or 'IPv6' when set."
|
|
}
|
|
|
|
# port_range min <= max when provided
|
|
validation {
|
|
condition = alltrue([
|
|
for r in var.rules :
|
|
(
|
|
r.port_range == null ? true : (r.port_range.min <= r.port_range.max)
|
|
)
|
|
])
|
|
error_message = "Each rule.port_range.min must be <= rule.port_range.max."
|
|
}
|
|
}
|