feature-#224-Implement ingress_with_prefix_list_ids and egress_with_prefix_list_ids

Samuel CHNIBER · andyshinn · commit bca1ce6ab31e · 2022-09-20T14:50:44.000-05:00
diff --git a/main.tf b/main.tf
@@ -430,6 +430,67 @@ resource "aws_security_group_rule" "computed_ingress_with_self" {
     var.rules[lookup(var.computed_ingress_with_self[count.index], "rule", "_")][2],
   )
 }
+# Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "ingress_with_prefix_list_ids" {
+  count = var.create ? length(var.ingress_with_prefix_list_ids) : 0
+
+  security_group_id = local.this_sg_id
+  type              = "ingress"
+
+  prefix_list_ids = var.ingress_prefix_list_ids
+  description = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "description",
+    "Ingress Rule",
+  )
+
+  from_port = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "from_port",
+    var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
+  )
+  to_port = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "to_port",
+    var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
+  )
+  protocol = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "protocol",
+    var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][2],
+  )
+}
+
+# Computed - Security group rules with "prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "computed_ingress_with_prefix_list_ids" {
+  count = var.create ? var.number_of_computed_ingress_with_prefix_list_ids : 0
+
+  security_group_id = local.this_sg_id
+  type              = "ingress"
+
+  prefix_list_ids = var.ingress_prefix_list_ids
+  description = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "description",
+    "Ingress Rule",
+  )
+
+  from_port = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "from_port",
+    var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][0],
+  )
+  to_port = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "to_port",
+    var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][1],
+  )
+  protocol = lookup(
+    var.ingress_with_prefix_list_ids[count.index],
+    "protocol",
+    var.rules[lookup(var.ingress_with_prefix_list_ids[count.index], "rule", "_")][2],
+  )
+}
 
 #################
 # End of ingress
@@ -807,6 +868,93 @@ resource "aws_security_group_rule" "computed_egress_with_self" {
   )
 }
 
+# Security group rules with "egress_prefix_list_ids", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "egress_with_prefix_list_ids" {
+  count = var.create ? length(var.egress_with_prefix_list_ids) : 0
+
+  security_group_id = local.this_sg_id
+  type              = "egress"
+
+  prefix_list_ids = var.egress_prefix_list_ids
+  description = lookup(
+    var.egress_with_prefix_list_ids[count.index],
+    "description",
+    "Egress Rule",
+  )
+
+  from_port = lookup(
+    var.egress_with_prefix_list_ids[count.index],
+    "from_port",
+    var.rules[lookup(
+      var.egress_with_prefix_list_ids[count.index],
+      "rule",
+      "_",
+    )][0],
+  )
+  to_port = lookup(
+    var.egress_with_prefix_list_ids[count.index],
+    "to_port",
+    var.rules[lookup(
+      var.egress_with_prefix_list_ids[count.index],
+      "rule",
+      "_",
+    )][1],
+  )
+  protocol = lookup(
+    var.egress_with_prefix_list_ids[count.index],
+    "protocol",
+    var.rules[lookup(
+      var.egress_with_prefix_list_ids[count.index],
+      "rule",
+      "_",
+    )][2],
+  )
+}
+
+# Computed - Security group rules with "source_security_group_id", but without "cidr_blocks", "self" or "source_security_group_id"
+resource "aws_security_group_rule" "computed_egress_with_prefix_list_ids" {
+  count = var.create ? var.number_of_computed_egress_with_prefix_list_ids : 0
+
+  security_group_id = local.this_sg_id
+  type              = "egress"
+
+  source_security_group_id = var.computed_egress_with_prefix_list_ids[count.index]["source_security_group_id"]
+  prefix_list_ids          = var.egress_prefix_list_ids
+  description = lookup(
+    var.computed_egress_with_prefix_list_ids[count.index],
+    "description",
+    "Egress Rule",
+  )
+
+  from_port = lookup(
+    var.computed_egress_with_prefix_list_ids[count.index],
+    "from_port",
+    var.rules[lookup(
+      var.computed_egress_with_prefix_list_ids[count.index],
+      "rule",
+      "_",
+    )][0],
+  )
+  to_port = lookup(
+    var.computed_egress_with_prefix_list_ids[count.index],
+    "to_port",
+    var.rules[lookup(
+      var.computed_egress_with_prefix_list_ids[count.index],
+      "rule",
+      "_",
+    )][1],
+  )
+  protocol = lookup(
+    var.computed_egress_with_prefix_list_ids[count.index],
+    "protocol",
+    var.rules[lookup(
+      var.computed_egress_with_prefix_list_ids[count.index],
+      "rule",
+      "_",
+    )][2],
+  )
+}
+
 ################
 # End of egress
 ################
diff --git a/variables.tf b/variables.tf
@@ -118,6 +118,12 @@ variable "ingress_prefix_list_ids" {
   default     = []
 }
 
+variable "ingress_with_prefix_list_ids" {
+  description = "List of ingress rules to create where 'prefix_list_ids' is used only"
+  type        = list(map(string))
+  default     = []
+}
+
 ###################
 # Computed Ingress
 ###################
@@ -151,6 +157,12 @@ variable "computed_ingress_with_source_security_group_id" {
   default     = []
 }
 
+variable "computed_ingress_with_prefix_list_ids" {
+  description = "List of computed ingress rules to create where 'prefix_list_ids' is used"
+  type        = list(map(string))
+  default     = []
+}
+
 ###################################
 # Number of computed ingress rules
 ###################################
@@ -184,6 +196,12 @@ variable "number_of_computed_ingress_with_source_security_group_id" {
   default     = 0
 }
 
+variable "number_of_computed_ingress_with_prefix_list_ids" {
+  description = "Number of computed ingress rules to create where 'prefix_list_ids' is used"
+  type        = number
+  default     = 0
+}
+
 #########
 # Egress
 #########
@@ -217,6 +235,12 @@ variable "egress_with_source_security_group_id" {
   default     = []
 }
 
+variable "egress_with_prefix_list_ids" {
+  description = "List of egress rules to create where 'prefix_list_ids' is used only"
+  type        = list(map(string))
+  default     = []
+}
+
 variable "egress_cidr_blocks" {
   description = "List of IPv4 CIDR ranges to use on all egress rules"
   type        = list(string)
@@ -268,6 +292,12 @@ variable "computed_egress_with_source_security_group_id" {
   default     = []
 }
 
+variable "computed_egress_with_prefix_list_ids" {
+  description = "List of computed egress rules to create where 'prefix_list_ids' is used only"
+  type        = list(map(string))
+  default     = []
+}
+
 ##################################
 # Number of computed egress rules
 ##################################
@@ -301,6 +331,12 @@ variable "number_of_computed_egress_with_source_security_group_id" {
   default     = 0
 }
 
+variable "number_of_computed_egress_with_prefix_list_ids" {
+  description = "Number of computed egress rules to create where 'prefix_list_ids' is used only"
+  type        = number
+  default     = 0
+}
+
 variable "putin_khuylo" {
   description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
   type        = bool
