# ------------------------------------------------------------------------------
# Trivadis - Part of Accenture, Platform Factory - Data Platforms
# Saegereistrasse 29, 8152 Glattbrugg, Switzerland
# ------------------------------------------------------------------------------
# Name.......: locals.tf
# Author.....: Stefan Oehrli (oes) [email protected]
# Editor.....: Stefan Oehrli
# Date.......: 2023.04.19
# Revision...:
# Purpose....: Local variables for the terraform module tvdlab vcn.
# Notes......: --
# Reference..: --
# License....: Apache License Version 2.0, January 2004 as shown
# at http://www.apache.org/licenses/
# ------------------------------------------------------------------------------
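# Local values for the VCN module: protocol constants, the ingress/egress rule
# lists that are assembled from feature toggles, and derived naming/DNS values.
locals {
  # IANA protocol numbers; "all" is the wildcard value.
  all_protocols = "all"
  icmp_protocol = 1
  tcp_protocol  = 6
  udp_protocol  = 17
  dns_port      = 53

  # --- Ingress rule building blocks -----------------------------------------
  # Each list is only included in local.ingress_rules when its toggle is set.
  ingress_rule_ssh = [{
    port        = var.inbound_ssh_port
    protocol    = local.tcp_protocol
    description = "Allow inbound SSH traffic"
  }]

  # NOTE(review): OpenVPN can run over TCP or UDP; this rule covers TCP only.
  # Confirm the VPN server in this lab is configured for TCP transport.
  ingress_rule_vpn = [{
    port        = var.inbound_vpn_port
    protocol    = local.tcp_protocol
    description = "Allow inbound OpenVPN traffic"
  }]

  ingress_rule_http = [{
    port        = var.inbound_https_port
    protocol    = local.tcp_protocol
    description = "Allow inbound HTTPS traffic"
    },
    {
      port     = var.inbound_http_port
      protocol = local.tcp_protocol
      # Fixed copy/paste error: this entry opens the plain HTTP port, so the
      # rule description must not claim it is HTTPS.
      description = "Allow inbound HTTP traffic"
  }]

  # NOTE(review): Mosh carries its session over UDP, but this rule declares
  # TCP. As written it opens a TCP port Mosh does not use. The protocol is left
  # unchanged because the resource that consumes these rules is not visible
  # here - confirm whether it can emit UDP options before switching to
  # local.udp_protocol.
  ingress_rule_mosh = [{
    port        = var.inbound_mosh_port
    protocol    = local.tcp_protocol
    description = "Allow inbound MOSH traffic"
  }]

  # Effective ingress rules: only the services whose toggle is true.
  ingress_rules = concat([],
    var.inbound_ssh_access == true ? local.ingress_rule_ssh : [],
    var.inbound_http_access == true ? local.ingress_rule_http : [],
    var.inbound_vpn_access == true ? local.ingress_rule_vpn : [],
  var.inbound_mosh_access == true ? local.ingress_rule_mosh : [])

  # --- Egress rule building blocks ------------------------------------------
  # Egress entries carry a min/max port pair instead of a single port.
  egress_rule_http = [{
    min         = var.outbound_https_port
    max         = var.outbound_https_port
    protocol    = local.tcp_protocol
    description = "Allow outbound HTTPS traffic"
    },
    {
      min         = var.outbound_http_port
      max         = var.outbound_http_port
      protocol    = local.tcp_protocol
      description = "Allow outbound HTTP traffic"
  }]

  egress_rule_port_range = [{
    min         = var.outbound_port_range_min
    max         = var.outbound_port_range_max
    protocol    = local.tcp_protocol
    description = "Allow outbound TCP port range"
  }]

  # Effective egress rules. The name is misspelled ("engress"); it is kept
  # as-is because other files in the module may reference it by this name.
  engress_rules = concat([],
    var.outbound_port_range == true ? local.egress_rule_port_range : [],
  var.outbound_http_access == true ? local.egress_rule_http : [])

  # Matches every IPv4 address.
  # NOTE(review): where this is used is not visible in this file. If it is the
  # source CIDR for the ingress rules above, SSH and VPN are reachable from the
  # whole internet - consider restricting the source to known admin CIDRs.
  anywhere = "0.0.0.0/0"

  # Fall back to the compartment name when no explicit resource name is given.
  resource_name = var.resource_name == "" ? data.oci_identity_compartment.compartment.name : var.resource_name
  # Lower-case variant with hyphens removed.
  resource_shortname = lower(replace(local.resource_name, "-", ""))

  public_dns_label  = "public"
  private_dns_label = "private"

  # Host number var.lab_dns_hostnum inside the private subnet carved out of
  # var.vcn_cidr; used when var.lab_private_dns is left at "default".
  default_private_dns = cidrhost(cidrsubnet(var.vcn_cidr, var.private_newbits, var.private_netnum), var.lab_dns_hostnum)
  lab_private_dns     = var.lab_private_dns == "default" ? local.default_private_dns : var.lab_private_dns

  # An explicitly supplied resolver list wins; otherwise use the lab's private
  # resolver followed by the public one.
  custom_dns_servers = length(var.custom_dns_servers) == 0 ? [local.lab_private_dns, var.lab_public_dns] : var.custom_dns_servers
}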
# --- EOF ----------------------------------------------------------------------