From fea4a43dccab378d6cb83219cceb457a7da41592 Mon Sep 17 00:00:00 2001
From: Kat Inskip
Date: Sun, 9 Jun 2024 12:28:03 -0700
Subject: [PATCH] feat(oci private network): add default route table and security list management
---
 .../default_route_table.tf | 13 ++++++++++
 .../default_security_list.tf | 26 +++++++++++++++++++
 .../firewalling_locals.tf | 8 ++++++
 .../{nsg.tf => network_security_group.tf} | 9 -------
 .../{vcn.tf => virtual_cloud_network.tf} | 0
 tf/oci_servers/common.tf | 7 -----
 6 files changed, 47 insertions(+), 16 deletions(-)
 create mode 100644 tf/oci_common_private_network/default_route_table.tf
 create mode 100644 tf/oci_common_private_network/default_security_list.tf
 create mode 100644 tf/oci_common_private_network/firewalling_locals.tf
 rename tf/oci_common_private_network/{nsg.tf => network_security_group.tf} (89%)
 rename tf/oci_common_private_network/{vcn.tf => virtual_cloud_network.tf} (100%)
diff --git a/tf/oci_common_private_network/default_route_table.tf b/tf/oci_common_private_network/default_route_table.tf
new file mode 100644
index 00000000..4dcef31a
--- /dev/null
+++ b/tf/oci_common_private_network/default_route_table.tf
@@ -0,0 +1,13 @@
+
+resource "oci_core_default_route_table" "this" {
+ manage_default_resource_id = oci_core_vcn.this.default_route_table_id
+
+ display_name = oci_core_vcn.this.display_name
+
+ route_rules {
+ network_entity_id = oci_core_internet_gateway.this.id
+
+ description = "Default route"
+ destination = "0.0.0.0/0"
+ }
+}
\ No newline at end of file
diff --git a/tf/oci_common_private_network/default_security_list.tf b/tf/oci_common_private_network/default_security_list.tf
new file mode 100644
index 00000000..1a6ad68a
--- /dev/null
+++ b/tf/oci_common_private_network/default_security_list.tf
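Review bot: The `route_rules` block sends `0.0.0.0/0` to `oci_core_internet_gateway.this`, which makes every subnet in the VCN that stays on the default route table internet-routable; for a module named oci_common_private_network a NAT gateway (plus a service gateway for OCI services) as the default next hop, with the internet gateway attached only to explicitly public subnets' own route tables, would match the stated intent and keep instances with public IPs from being reachable by accident. If the default table is meant to be public, please say so in the file, e.g. `# Default route table is internet-facing: subnets that must stay private need their own route table.` The gateway resource is defined outside this hunk, so I cannot tell whether it is conditional. Minor style point: the new file has no trailing newline (`\ No newline at end of file`), which `terraform fmt` would add.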
@@ -0,0 +1,26 @@
+resource "oci_core_default_security_list" "this" {
+ manage_default_resource_id = local.vcn.default_security_list_id
+
+ dynamic "ingress_security_rules" {
+ for_each = [22, 80, 443]
+ iterator = port
+ content {
+ protocol = local.protocol_number.tcp
+ source = "0.0.0.0/0"
+
+ description = "SSH and HTTPS traffic from any origin"
+
+ tcp_options {
+ max = port.value
+ min = port.value
+ }
+ }
+ }
+
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "all"
+
+ description = "All traffic to any destination"
+ }
+}
\ No newline at end of file
diff --git a/tf/oci_common_private_network/firewalling_locals.tf b/tf/oci_common_private_network/firewalling_locals.tf
new file mode 100644
index 00000000..098efb27
--- /dev/null
+++ b/tf/oci_common_private_network/firewalling_locals.tf
@@ -0,0 +1,8 @@
+locals {
+ protocol_number = {
+ icmp = 1
+ icmpv6 = 58
+ tcp = 6
+ udp = 17
+ }
+}
diff --git a/tf/oci_common_private_network/nsg.tf b/tf/oci_common_private_network/network_security_group.tf
similarity index 89%
rename from tf/oci_common_private_network/nsg.tf
rename to tf/oci_common_private_network/network_security_group.tf
index 0ae11614..9fac21e8 100644
--- a/tf/oci_common_private_network/nsg.tf
+++ b/tf/oci_common_private_network/network_security_group.tf
@@ -5,15 +5,6 @@ resource "oci_core_network_security_group" "this" {
 display_name = oci_core_vcn.this.display_name
 }
 
-locals {
- protocol_number = {
- icmp = 1
- icmpv6 = 58
- tcp = 6
- udp = 17
- }
-}
-
 resource "oci_core_network_security_group_security_rule" "icmp_in" {
 direction = "INGRESS"
 network_security_group_id = oci_core_network_security_group.this.id
diff --git a/tf/oci_common_private_network/vcn.tf b/tf/oci_common_private_network/virtual_cloud_network.tf
similarity index 100%
rename from tf/oci_common_private_network/vcn.tf
rename to tf/oci_common_private_network/virtual_cloud_network.tf
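Review bot: The `dynamic "ingress_security_rules"` block opens TCP 22, 80 and 443 from `0.0.0.0/0` on the VCN's default security list, so every subnet that does not attach its own list — including ones meant to be private — accepts SSH from the whole internet. SSH should be limited to a known administrative CIDR or bastion (`source = var.admin_cidr` or similar) or moved to the module's existing network security group, leaving only 80/443 world-open where that is actually wanted. The description is also wrong for the port-80 rule, since `description = "SSH and HTTPS traffic from any origin"` is attached to all three ports; a per-port string such as `description = "TCP ${port.value} from any origin"` keeps the console accurate. Note too that this resource reads `local.vcn.default_security_list_id` while the route table in the same commit uses `oci_core_vcn.this.default_route_table_id`; if `local.vcn` is not defined elsewhere in the module the plan fails, and either way one spelling should be used for both.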
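Review bot: The `protocol_number` map is undocumented; a one-line comment above it such as `# IANA protocol numbers, as expected by the "protocol" attribute of OCI security rules` would save the next reader a lookup. Separately, Terraform locals are scoped to the module they are declared in, so moving this map into oci_common_private_network does not make it available to tf/oci_servers, whose copy this commit deletes; if any file under tf/oci_servers still references `local.protocol_number`, that module will fail to plan — worth a grep before merging, since this diff shows only common.tf there.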
diff --git a/tf/oci_servers/common.tf b/tf/oci_servers/common.tf
index aa5d9805..bfee92ae 100644
--- a/tf/oci_servers/common.tf
+++ b/tf/oci_servers/common.tf
@@ -1,11 +1,4 @@
 locals {
- protocol_number = {
- icmp = 1
- icmpv6 = 58
- tcp = 6
- udp = 17
- }
-
 shapes = {
 flex : "VM.Standard.A1.Flex",
 micro : "VM.Standard.E2.1.Micro",