
fix ingress/egress rule counts to be separate
badra001 committed May 10, 2021
1 parent fa9f1e4 commit 5c71d8e
Showing 2 changed files with 27 additions and 15 deletions.
25 changes: 18 additions & 7 deletions nacl-rules/main.tf
Expand Up @@ -88,18 +88,29 @@ locals {
action = local.rule_definitions[p[1]][4]
rule_number = local.rule_number }
]
r3 = [for i in range(length(local.r2)) :
r2_in = { for nr in local.r2 : nr.label => nr if ! nr.egress }
r2_out = { for nr in local.r2 : nr.label => nr if nr.egress }
r3_in = [for i in range(length(local.r2_in)) :
merge(
local.r2[i],
tomap({ rule_number = local.r2[i].rule_number + i * local.rule_increment }),
local.r2_in[i],
tomap({ rule_number = local.r2_in[i].rule_number + i * local.rule_increment }),
)
]
r4 = [for v in local.r3 : v.rule_number]
r5 = length(local.r4) > 0 ? max(local.r4...) : null
r3_out = [for i in range(length(local.r2_out)) :
merge(
local.r2_out[i],
tomap({ rule_number = local.r2_out[i].rule_number + i * local.rule_increment }),
)
]
r4_in = [for v in local.r3_in : v.rule_number]
r4_out = [for v in local.r3_out : v.rule_number]
r5_in = length(local.r4_in) > 0 ? max(local.r4_in...) : null
r5_out = length(local.r4_out) > 0 ? max(local.r4_out...) : null
r5 = max(local.r5_in, local.r5_out)
}

resource "aws_network_acl_rule" "in" {
for_each = { for nr in local.r3 : nr.label => nr if ! nr.egress }
for_each = local.r3_in
network_acl_id = var.network_acl_id
rule_number = each.value.rule_number
egress = each.value.egress
Expand All @@ -111,7 +122,7 @@ resource "aws_network_acl_rule" "in" {
}

resource "aws_network_acl_rule" "out" {
for_each = { for nr in local.r3 : nr.label => nr if nr.egress }
for_each = local.r3_out
network_acl_id = var.network_acl_id
rule_number = each.value.rule_number
egress = each.value.egress
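Review bot: `r2_in` and `r2_out` are now maps keyed by `nr.label`, but `r3_in` and `r3_out` still index them positionally with `local.r2_in[i]` / `local.r2_out[i]`, which only resolves if the labels happen to be the strings "0", "1", … (the original `r2` on the removed line was a list). The resulting `r3_in` / `r3_out` are in turn lists, yet `for_each = local.r3_in` here and `for_each = local.r3_out` in the second hunk hand them straight to `for_each`, which accepts only a map or a set of strings, so a plan will presumably fail on both resources. Keeping `r2_in` / `r2_out` as filtered lists and building the label-keyed map at each resource restores the old shape while still numbering ingress and egress separately. Separately, `r5 = max(local.r5_in, local.r5_out)` errors when either side is null (a module instance with only ingress or only egress rules) because `max` does not accept null arguments; computing it over the concatenated `r4_*` lists keeps the null-when-empty semantics the old `r5` had.
```hcl
  r2_in  = [for nr in local.r2 : nr if !nr.egress]
  r2_out = [for nr in local.r2 : nr if nr.egress]
  # … unchanged: r3_in / r3_out positional merges, r4_in / r4_out, r5_in / r5_out …
  r5     = length(concat(local.r4_in, local.r4_out)) > 0 ? max(concat(local.r4_in, local.r4_out)...) : null
}

resource "aws_network_acl_rule" "in" {
  for_each       = { for nr in local.r3_in : nr.label => nr }
  # … unchanged: remaining arguments; the "out" resource gets the same map built from local.r3_out …
```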
17 changes: 9 additions & 8 deletions nacl-rules/outputs.tf
@@ -1,13 +1,14 @@
output "info" {
description = "Information about NACL Rules"
value = {
description = var.rule_description
rule_count = length(local.r4)
first_rule_number = local.rule_number
last_rule_number = local.r5
next_rule_number = local.r5 != null ? local.r5 + local.rule_increment : null
rule_increment = local.rule_increment
cidrs = local.cidr_blocks
rules = local.rules
description = var.rule_description
ingress_rule_count = length(local.r4_in)
egress_rule_count = length(local.r4_out)
first_rule_number = local.rule_number
last_rule_number = local.r5
next_rule_number = local.r5 != null ? local.r5 + local.rule_increment : null
rule_increment = local.rule_increment
cidrs = local.cidr_blocks
rules = local.rules
}
}
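Review bot: Dropping `rule_count` from the `info` output is a breaking change for any caller that reads `module.<name>.info.rule_count`, and nothing in this hunk keeps a compatible key. Keeping it next to the new split counts, `rule_count = length(local.r4_in) + length(local.r4_out)`, lets existing consumers keep working while the new `ingress_rule_count` / `egress_rule_count` carry the separate figures. Since `last_rule_number` and `next_rule_number` are still derived from the single `local.r5`, a short comment above them such as `# max across both ingress and egress rule sets` would tell a caller stacking several instances of this module what these values now represent; that is presumably the intended reading but the hunk does not say so.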
