feat(main): add secgroup and rules to module

README.md

@@ -3,11 +3,16 @@
 Terraform module to deploy a Neutron security-group in a given project.<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ### Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.0.0 |
+| <a name="requirement_openstack"></a> [openstack](#requirement_openstack) | ~> 1.54 |
 
 ### Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_openstack"></a> [openstack](#provider_openstack) | ~> 1.54 |
 
 ### Modules
 
@@ -15,7 +20,11 @@ No modules.
 
 ### Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [openstack_networking_secgroup_rule_v2.egress](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_rule_v2) | resource |
+| [openstack_networking_secgroup_rule_v2.ingress](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_rule_v2) | resource |
+| [openstack_networking_secgroup_v2.this](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_v2) | resource |
 
 ### Inputs
 
@@ -23,6 +32,8 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | <a name="input_delete_default_rules"></a> [delete_default_rules](#input_delete_default_rules) | Whether or not to delete the default egress rules applied to the security group.<br>Default rules allow egress ipv4 and ipv6 to 0.0.0.0/0. | `bool` | `false` | no |
 | <a name="input_description"></a> [description](#input_description) | Description for the security group. | `string` | `null` | no |
+| <a name="input_egress_rules"></a> [egress_rules](#input_egress_rules) | The list of egress rules to attach to the security group.<br>You can use all regular entries from the openstack_networking_secgroup_rule_v2 resource<br>provided by the openstack provider, except region, which defaults to the region of the provider used,<br>and direction, which defaults to egress.<br>By default, if ethertype is not specified, it will by IPv4. | `map(map(string))` | n/a | yes |
+| <a name="input_ingress_rules"></a> [ingress_rules](#input_ingress_rules) | The list of ingress rules to attach to the security group.<br>You can use all regular entries from the openstack_networking_secgroup_rule_v2 resource<br>provided by the openstack provider, except region, which defaults to the region of the provider used,<br>and direction, which defaults to ingress.<br>By default, if ethertype is not specified, it will by IPv4. | `map(map(string))` | n/a | yes |
 | <a name="input_name"></a> [name](#input_name) | The name of the security group. | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input_tags) | A list of tags (strings) to apply to the security group | `list(string)` | `[]` | no |
 | <a name="input_tenant_id"></a> [tenant_id](#input_tenant_id) | The tenant for which to create the security group.<br>This is only required for admins creating security groups for other tenant. | `string` | `null` | no |

main.tf

@@ -0,0 +1,49 @@
+terraform {
+  required_version = ">= 1.0.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.54"
+    }
+  }
+}
+
+resource "openstack_networking_secgroup_v2" "this" {
+  name                 = var.name
+  description          = var.description
+  tenant_id            = var.tenant_id
+  delete_default_rules = var.delete_default_rules
+  tags                 = var.tags
+}
+
+resource "openstack_networking_secgroup_rule_v2" "ingress" {
+  for_each = var.ingress_rules
+
+  direction         = "ingress"
+  security_group_id = openstack_networking_secgroup_v2.this.id
+  tenant_id         = var.tenant_id
+
+  description      = try(each.value.description, false) ? each.value.description : null
+  ethertype        = try(each.value.ethertype, false) ? each.value.ethertype : "IPv4"
+  protocol         = try(each.value.protocol, false) ? each.value.protocol : "tcp"
+  port_range_min   = try(each.value.port_range_min, false) ? each.value.port_range_min : null
+  port_range_max   = try(each.value.port_range_max, false) ? each.value.port_range_max : null
+  remote_ip_prefix = try(each.value.remote_ip_prefix, false) ? each.value.remote_ip_prefix : null
+  remote_group_id  = try(each.value.remote_group_id, false) ? each.value.remote_group_id : null
+}
+
+resource "openstack_networking_secgroup_rule_v2" "egress" {
+  for_each = var.egress_rules
+
+  direction         = "egress"
+  security_group_id = openstack_networking_secgroup_v2.this.id
+  tenant_id         = var.tenant_id
+
+  description      = try(each.value.description, false) ? each.value.description : null
+  ethertype        = try(each.value.ethertype, false) ? each.value.ethertype : "IPv4"
+  protocol         = try(each.value.protocol, false) ? each.value.protocol : "tcp"
+  port_range_min   = try(each.value.port_range_min, false) ? each.value.port_range_min : null
+  port_range_max   = try(each.value.port_range_max, false) ? each.value.port_range_max : null
+  remote_ip_prefix = try(each.value.remote_ip_prefix, false) ? each.value.remote_ip_prefix : null
+  remote_group_id  = try(each.value.remote_group_id, false) ? each.value.remote_group_id : null
+}

variables.tf

@@ -9,6 +9,15 @@ variable "description" {
   default     = null
 }
 
+variable "tenant_id" {
+  type        = string
+  description = <<-EOT
+    The tenant for which to create the security group.
+    This is only required for admins creating security groups for other tenant.
+  EOT
+  default     = null
+}
+
 variable "delete_default_rules" {
   type        = bool
   description = <<-EOT
@@ -18,13 +27,26 @@ variable "delete_default_rules" {
   default     = false
 }
 
-variable "tenant_id" {
-  type        = string
+variable "ingress_rules" {
+  type        = map(map(string))
   description = <<-EOT
-    The tenant for which to create the security group.
-    This is only required for admins creating security groups for other tenant.
+    The list of ingress rules to attach to the security group.
+    You can use all regular entries from the openstack_networking_secgroup_rule_v2 resource
+    provided by the openstack provider, except region, which defaults to the region of the provider used,
+    and direction, which defaults to ingress.
+    By default, if ethertype is not specified, it will by IPv4.
+  EOT
+}
+
+variable "egress_rules" {
+  type        = map(map(string))
+  description = <<-EOT
+    The list of egress rules to attach to the security group.
+    You can use all regular entries from the openstack_networking_secgroup_rule_v2 resource
+    provided by the openstack provider, except region, which defaults to the region of the provider used,
+    and direction, which defaults to egress.
+    By default, if ethertype is not specified, it will by IPv4.
   EOT
-  default     = null
 }
 
 variable "tags" {