firewallrules.tf
terraform {
  required_providers {
    # VMware Cloud Director provider from the public registry.
    # The constraint is open-ended (>= 3.1.0), so a future major release can be
    # pulled in by `terraform init -upgrade`; the dependency lock file is what
    # pins the exact provider build actually used.
    vcd = {
      source  = "vmware/vcd"
      version = ">= 3.1.0"
    }
  }
}
# Firewall rules are data-driven: every row of rules.csv (kept next to this
# module) becomes one firewall rule resource instance below. The file is read
# at plan time, so a change to the CSV shows up as a plan diff.
locals {
  firewall_rules = csvdecode(file(format("%s/rules.csv", path.module)))
}
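# Input variables: connection settings for vCloud Director. Supply them via
# TF_VAR_* environment variables or a tfvars file that is not committed.
variable "vcd_user" {
  type        = string
  description = "vCloud Director user name used by the provider."
}

variable "vcd_pass" {
  type        = string
  description = "Password for vcd_user."
  # Redacts the value in plan/apply output (Terraform 0.14+). It is still
  # written in plaintext to the state file, so the state backend needs the
  # same protection as the credential itself.
  sensitive = true
}

variable "vcd_org" {
  type        = string
  description = "vCloud Director organization name."
}

variable "vcd_vdc" {
  type        = string
  description = "Organization VDC name passed to the provider."
}

variable "vcd_url" {
  type        = string
  description = "vCloud Director API endpoint URL."
}

variable "vcd_allow_unverified_ssl" {
  type        = bool
  description = "Skip TLS certificate verification for vcd_url."
  # The default disables certificate checking, so the API session (which
  # carries the password above) can be intercepted by anything able to
  # present a certificate for vcd_url. Set it to false wherever the endpoint
  # has a trusted certificate. Left at true to preserve the existing default.
  default = true
}

variable "vcd_edge" {
  type        = string
  description = "Name of the NSX-V edge gateway that receives the rules."
}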
# Provider configuration for VMware vCloud Director. Every setting comes from
# the variables above, so no endpoint or credential is written into this file.
provider "vcd" {
  url = var.vcd_url
  org = var.vcd_org
  vdc = var.vcd_vdc

  user     = var.vcd_user
  password = var.vcd_pass

  # When true the provider accepts any certificate presented by vcd_url.
  allow_unverified_ssl = var.vcd_allow_unverified_ssl
}
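# Firewall Rules
#
# One vcd_nsxv_firewall_rule per row of rules.csv. Columns read here:
#   sequence, Name, source_addresses, destination_addresses, protocols,
#   destination_ports
# `sequence` must be unique per row: it is the for_each key, and the for
# expression fails on duplicate keys rather than silently merging rules.
#
# Each address column holds a single value. The keywords "internal" and
# "external" select an edge gateway interface; any other value is passed
# through unchanged as the one entry of ip_addresses. (The original only
# recognised "internal", so an "external" row was sent as an IP address.)
# The provider also accepts other interface names in gateway_interfaces;
# extend the keyword list below if the CSV uses them — confirm against the
# provider docs for the pinned version.
resource "vcd_nsxv_firewall_rule" "fw_rules" {
  # org = "my-org"
  # vdc = "my-vdc"
  for_each = { for rule in local.firewall_rules : rule.sequence => rule }

  edge_gateway = var.vcd_edge
  name         = each.value.Name

  # `action` is not set, so every rule takes the provider default (accept,
  # per the vcd provider docs at the time of writing — confirm for the
  # pinned provider). Add an action column to the CSV if deny rules are
  # needed. `logging_enabled` is likewise left at the provider default.

  source {
    ip_addresses       = contains(["internal", "external"], each.value.source_addresses) ? null : [each.value.source_addresses]
    gateway_interfaces = contains(["internal", "external"], each.value.source_addresses) ? [each.value.source_addresses] : null
  }

  destination {
    ip_addresses       = contains(["internal", "external"], each.value.destination_addresses) ? null : [each.value.destination_addresses]
    gateway_interfaces = contains(["internal", "external"], each.value.destination_addresses) ? [each.value.destination_addresses] : null
  }

  service {
    protocol = each.value.protocols
    port     = each.value.destination_ports
  }
}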
#