terraform root module - 'public_cidrblock' changes to 'public_cidrblo…
…cks' variable so that a list of cidrblocks can be set to restrict 'public' ports
bryan-bar committed Feb 15, 2024
1 parent db52143 commit f81483a
Showing 7 changed files with 11 additions and 11 deletions.
2 changes: 1 addition & 1 deletion edbterraform/data/templates/aws/machine.tf.j2
@@ -15,7 +15,7 @@ module "machine_{{ region_ }}" {
use_agent = module.spec.base.ssh_key.use_agent
key_name = module.key_pair_{{ region_ }}.key_pair_id
tags = each.value.spec.tags
public_cidrblocks = [var.public_cidrblock]
public_cidrblocks = var.public_cidrblocks
service_cidrblocks = local.service_cidrblocks
internal_cidrblocks = module.spec.region_cidrblocks

4 changes: 2 additions & 2 deletions edbterraform/data/templates/aws/network.tf.j2
@@ -34,7 +34,7 @@ module "routes_{{ region_ }}" {

subnet_count = length([for a, s in lookup(module.spec.region_zone_networks, "{{ region }}", {}) : a])
vpc_id = module.vpc_{{ region_ }}.vpc_id
public_cidrblock = var.public_cidrblock
public_cidrblock = "0.0.0.0/0" # Allow all routing
cluster_name = module.spec.base.tags.cluster_name
tags = module.spec.base.tags

@@ -51,7 +51,7 @@ module "security_{{ region_ }}" {
vpc_id = module.vpc_{{ region_ }}.vpc_id
cluster_name = module.spec.base.tags.cluster_name
ports = try(module.spec.region_ports["{{ region }}"], [])
public_cidrblocks = [var.public_cidrblock]
public_cidrblocks = var.public_cidrblocks
service_cidrblocks = local.service_cidrblocks
internal_cidrblocks = module.spec.region_cidrblocks
tags = module.spec.base.tags
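Review bot: The hard-coded `public_cidrblock = "0.0.0.0/0" # Allow all routing` in the `routes_{{ region_ }}` module keeps the name of the variable this commit removes, so it still reads like an access rule although it no longer follows the user's setting. If it is only the route destination, as the comment suggests, say so at the call site, for example `# Default-route destination only; inbound access to 'public' ports is limited by public_cidrblocks in the security module`. The routes module is not shown here, so confirm it uses the value for nothing but the route before adopting that wording. Both module blocks start and end outside their hunks.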
2 changes: 1 addition & 1 deletion edbterraform/data/templates/azure/machine.tf.j2
@@ -21,7 +21,7 @@ module "machine_{{ region_ }}" {
use_agent = module.spec.base.ssh_key.use_agent
name_id = module.spec.hex_id
tags = each.value.spec.tags
public_cidrblocks = [var.public_cidrblock]
public_cidrblocks = var.public_cidrblocks
service_cidrblocks = local.service_cidrblocks
internal_cidrblocks = module.spec.region_cidrblocks

2 changes: 1 addition & 1 deletion edbterraform/data/templates/azure/network.tf.j2
@@ -43,7 +43,7 @@ module "security_{{ region_ }}" {
region = module.vpc_{{ region_ }}.region
resource_name = module.vpc_{{ region_ }}.resource_name
ports = try(module.spec.region_ports["{{ region }}"], [])
public_cidrblocks = [var.public_cidrblock]
public_cidrblocks = var.public_cidrblocks
service_cidrblocks = local.service_cidrblocks
internal_cidrblocks = module.spec.region_cidrblocks
tags = module.spec.base.tags
2 changes: 1 addition & 1 deletion edbterraform/data/templates/gcloud/machine.tf.j2
@@ -17,7 +17,7 @@ module "machine_{{ region_ }}" {
subnet_name = module.network_{{ region_ }}[each.value.spec.zone_name].name
name_id = module.spec.hex_id
tags = each.value.spec.tags
public_cidrblocks = [var.public_cidrblock]
public_cidrblocks = var.public_cidrblocks
service_cidrblocks = var.service_cidrblocks
internal_cidrblocks = module.spec.region_cidrblocks
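Review bot: In this hunk the machine module receives `service_cidrblocks = var.service_cidrblocks`, while the other five template sections in this commit, including gcloud/network.tf.j2, pass `local.service_cidrblocks`. common_vars.tf builds a `dynamic_ip` local, so the local value presumably adds the caller's detected address to the list; if so, GCP machines get a different service allow-list from the GCP security module. The line is context rather than part of this change, but since the neighbouring argument is being edited it is worth either switching to `local.service_cidrblocks` or adding a comment that explains why gcloud differs. The module block starts and ends outside the hunk.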

2 changes: 1 addition & 1 deletion edbterraform/data/templates/gcloud/network.tf.j2
@@ -58,7 +58,7 @@ module "security_{{ region_ }}" {

network_name = module.vpc_{{ region_ }}.vpc_id
ports = try(module.spec.region_ports["{{ region }}"], [])
public_cidrblocks = [var.public_cidrblock]
public_cidrblocks = var.public_cidrblocks
service_cidrblocks = local.service_cidrblocks
internal_cidrblocks = module.spec.region_cidrblocks
region = "{{ region }}"
8 changes: 4 additions & 4 deletions edbterraform/data/terraform/common_vars.tf
@@ -9,10 +9,10 @@ variable "spec" {
nullable = false
}

variable "public_cidrblock" {
variable "public_cidrblocks" {
description = "Public CIDR block"
type = string
default = "0.0.0.0/0"
type = list(string)
default = ["0.0.0.0/0"]
}

variable "service_cidrblocks" {
@@ -52,7 +52,7 @@ data "http" "instance_ip" {

locals {
# format the ip with the mask to get a valid cidr block
# ex: cidrhost("1.2.3.4/32",0) => 1.2.3.4 | cidrhost("1.2.3.4/24",0) => 1.2.3.0 | cidrhost("1.2.3.4/16",0) => 1.2.0.0 | cidrhost("1.2.3.4/32",0) => 1.0.0.0
# ex: cidrhost("1.2.3.4/32",0) => 1.2.3.4 | cidrhost("1.2.3.4/24",0) => 1.2.3.0 | cidrhost("1.2.3.4/16",0) => 1.2.0.0 | cidrhost("1.2.3.4/8",0) => 1.0.0.0
dynamic_ip = var.force_dynamic_ip ? [
"${cidrhost(
format("%s/%s",
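Review bot: Renaming the variable while keeping a default of `["0.0.0.0/0"]` means an existing restriction can be lost without failing the run: a `public_cidrblock` value left in a tfvars file only produces an undeclared-variable warning, and one set through `TF_VAR_public_cidrblock` is ignored, so 'public' ports fall back to being open to every address. The new `variable "public_cidrblocks"` block also keeps the singular description `"Public CIDR block"` and accepts any strings, including a malformed CIDR. I would update the description, add `nullable = false` and a `validation` block as sketched below, and call out the rename in the release notes. This note concerns the first hunk; the `locals` block in the second hunk continues outside it.

```terraform
variable "public_cidrblocks" {
  description = "CIDR blocks allowed to reach ports marked as 'public'"
  # … unchanged: type and default …
  nullable    = false

  validation {
    condition     = alltrue([for cidr in var.public_cidrblocks : can(cidrhost(cidr, 0))])
    error_message = "Each entry in public_cidrblocks must be a valid CIDR block."
  }
}
```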
