update self port list

terraform-modules · Oct 25, 2021 · 1639f69 · 1639f69
1 parent 29e7608
commit 1639f69
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 9 deletions.
diff --git a/custom/README.md b/custom/README.md
@@ -4,7 +4,10 @@ This describes how to use the aws-common-security-groups submodule for  custom.
 for the common security groups to a set of ports of your own doing.
 
 You will need to provide a `ingress_port_list` list of the details, or a `ingress_port_map` which allows for a cleaner structure.
-This creates an egress rule permitting all outbound access.
+This creates an egress rule permitting all outbound access.  If you provide both, it will combine the lists.
+
+You may also provide `ingress_self_port_list` and/or `ingress_self_port_map`, which contains the same fields
+as the `ingress_port_list` excluding the final `cidr` field.  Again, if both are provided, they will be combined.
 
 # Usage
 ## Port list

diff --git a/custom/defaults.tf b/custom/defaults.tf
@@ -3,5 +3,6 @@ locals {
     name              = "{{ name }}"
     description       = "Security group for application"
     short_description = "SG"
+    self_port_list    = [{ from = 0, to = 0, proto = -1, description = "all" }]
   }
 }
diff --git a/custom/main.tf b/custom/main.tf
@@ -5,7 +5,10 @@
 * for the common security groups to a set of ports of your own doing.
 *
 * You will need to provide a `ingress_port_list` list of the details, or a `ingress_port_map` which allows for a cleaner structure.
-* This creates an egress rule permitting all outbound access.
+* This creates an egress rule permitting all outbound access.  If you provide both, it will combine the lists.
+*
+* You may also provide `ingress_self_port_list` and/or `ingress_self_port_map`, which contains the same fields
+* as the `ingress_port_list` excluding the final `cidr` field.  Again, if both are provided, they will be combined.
 *
 * # Usage
 * ## Port list

diff --git a/custom/ports.tf b/custom/ports.tf
@@ -4,17 +4,14 @@ locals {
   ingress_networks = var.ingress_networks
   egress_networks  = var.egress_networks
 
-  # these are ignored
   ingress_sg = var.ingress_security_groups
   egress_sg  = var.egress_security_groups
 
   p_fields = ["from", "to", "proto", "description", "cidr"]
   p_map    = length(var.ingress_port_list) > 0 ? [for p in local.ports : zipmap(local.p_fields, p)] : var.ingress_port_map
-  port_map = { "external" = local.p_map }
+  port_map = { "external" = compress(concat(local.p_map, var.ingress_port_map)) }
 
-  # ingres
-  #variables.port_list.tf:variable "ingress_self_port_list" {
-  #variables.port_list.tf:variable "ingress_self_port_map" {
-  self_port_list = [{ from = 0, to = 0, proto = -1, description = "all" }]
-  self_ports     = local.self_port_list
+  p_self_fields  = ["from", "to", "proto", "description"]
+  self_port_list = length(var.ingress_self_port_list) > 0 ? [for p in var.ingress_self_port_list : zipmap(local.p_self_fields, p)] : local._defaults["self_port_list"]
+  self_port_map  = compress(concat(local.self_port_list, var.ingress_self_port_map))
 }