diff --git a/.gitignore b/.gitignore index 67dc768..07c2c36 100644 --- a/.gitignore +++ b/.gitignore @@ -59,4 +59,6 @@ test/go.sum README-generated.md /TestRecord -**/TestRecord.md.tmp \ No newline at end of file +**/TestRecord.md.tmp + +tfvmmakefile \ No newline at end of file diff --git a/main.tf b/main.tf index b7b9a8c..f569100 100644 --- a/main.tf +++ b/main.tf 
@@ -25,18 +25,18 @@ resource "azurerm_network_security_group" "nsg" { resource "azurerm_network_security_rule" "predefined_rules" { count = var.use_for_each ? 0 : length(var.predefined_rules) - access = element(var.rules[lookup(var.predefined_rules[count.index], "name")], 1) - direction = element(var.rules[lookup(var.predefined_rules[count.index], "name")], 0) - name = lookup(var.predefined_rules[count.index], "name") + access = element(var.rules[var.predefined_rules[count.index]["name"]], 1) + direction = element(var.rules[var.predefined_rules[count.index]["name"]], 0) + name = var.predefined_rules[count.index]["name"] network_security_group_name = azurerm_network_security_group.nsg.name priority = lookup(var.predefined_rules[count.index], "priority", 4096 - length(var.predefined_rules) + count.index) - protocol = element(var.rules[lookup(var.predefined_rules[count.index], "name")], 2) + protocol = element(var.rules[var.predefined_rules[count.index]["name"]], 2) resource_group_name = data.azurerm_resource_group.nsg.name - description = element(var.rules[lookup(var.predefined_rules[count.index], "name")], 5) + description = element(var.rules[var.predefined_rules[count.index]["name"]], 5) destination_address_prefix = lookup(var.predefined_rules[count.index], "destination_application_security_group_ids", null) == null && var.destination_address_prefixes == null ? join(",", var.destination_address_prefix) : null destination_address_prefixes = lookup(var.predefined_rules[count.index], "destination_application_security_group_ids", null) == null ? 
var.destination_address_prefixes : null destination_application_security_group_ids = lookup(var.predefined_rules[count.index], "destination_application_security_group_ids", null) - destination_port_range = element(var.rules[lookup(var.predefined_rules[count.index], "name")], 4) + destination_port_range = element(var.rules[var.predefined_rules[count.index]["name"]], 4) source_address_prefix = lookup(var.predefined_rules[count.index], "source_application_security_group_ids", null) == null && var.source_address_prefixes == null ? join(",", var.source_address_prefix) : null source_address_prefixes = lookup(var.predefined_rules[count.index], "source_application_security_group_ids", null) == null ? var.source_address_prefixes : null source_application_security_group_ids = lookup(var.predefined_rules[count.index], "source_application_security_group_ids", null) 
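Review bot: The rewritten attributes in `predefined_rules` still read their fields through `element(var.rules[...], N)`, and `element` wraps an out-of-range index modulo the list length instead of failing. If an entry in `var.rules` can have fewer than six fields (its type is not visible here), `description` or `destination_port_range` would silently take another field's value rather than abort the plan, which is a poor failure mode for a firewall rule. Since this change already moves to direct indexing, the same form works for the tuple, e.g. `access = var.rules[var.predefined_rules[count.index]["name"]][1]`; the same applies to the `predefined_rules_for` hunk that follows. The resource block continues past the end of this hunk.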
@@ -47,18 +47,18 @@ resource "azurerm_network_security_rule" "predefined_rules" { resource "azurerm_network_security_rule" "predefined_rules_for" { for_each = { for value in var.predefined_rules : value.name => value if var.use_for_each } - access = element(var.rules[lookup(each.value, "name")], 1) - direction = element(var.rules[lookup(each.value, "name")], 0) - name = lookup(each.value, "name") + access = element(var.rules[each.value["name"]], 1) + direction = element(var.rules[each.value["name"]], 0) + name = each.value["name"] network_security_group_name = azurerm_network_security_group.nsg.name priority = each.value.priority - protocol = element(var.rules[lookup(each.value, "name")], 2) + protocol = element(var.rules[each.value["name"]], 2) resource_group_name = data.azurerm_resource_group.nsg.name - description = element(var.rules[lookup(each.value, "name")], 5) + description = element(var.rules[each.value["name"]], 5) destination_address_prefix = lookup(each.value, "destination_application_security_group_ids", null) == null && var.destination_address_prefixes == null ? join(",", var.destination_address_prefix) : null destination_address_prefixes = lookup(each.value, "destination_application_security_group_ids", null) == null ? var.destination_address_prefixes : null destination_application_security_group_ids = lookup(each.value, "destination_application_security_group_ids", null) - destination_port_range = element(var.rules[lookup(each.value, "name")], 4) + destination_port_range = element(var.rules[each.value["name"]], 4) source_address_prefix = lookup(each.value, "source_application_security_group_ids", null) == null && var.source_address_prefixes == null ? join(",", var.source_address_prefix) : null source_address_prefixes = lookup(each.value, "source_application_security_group_ids", null) == null ? var.source_address_prefixes : null source_application_security_group_ids = lookup(each.value, "source_application_security_group_ids", null) 
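Review bot: The `predefined_rules_for` block now mixes three ways of reading the same object: `each.value["name"]`, `each.value.priority` and `lookup(each.value, ...)`. Because `for_each` keys the map by `value.name`, the name is already available as `each.key`, so the lookups could read `var.rules[each.key]` and `name = each.key`. That also makes it explicit that the rule name and the resource key cannot drift apart. The block's closing lines are outside this hunk.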
@@ -84,7 +84,7 @@ resource "azurerm_network_security_rule" "custom_rules" {
 direction = lookup(var.custom_rules[count.index], "direction", "Inbound")
 name = lookup(var.custom_rules[count.index], "name", "default_rule_name")
 network_security_group_name = azurerm_network_security_group.nsg.name
- priority = lookup(var.custom_rules[count.index], "priority")
+ priority = var.custom_rules[count.index]["priority"]
 protocol = lookup(var.custom_rules[count.index], "protocol", "*")
 resource_group_name = data.azurerm_resource_group.nsg.name
 description = lookup(var.custom_rules[count.index], "description", "Security rule for ${lookup(var.custom_rules[count.index], "name", "default_rule_name")}")
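Review bot: `priority` is the one attribute in this `custom_rules` hunk read without a default, so a rule object lacking that key aborts the plan while its neighbours fall back to defaults; nothing here says that is intentional or checks the value. I would add a comment such as `# priority is mandatory: it fixes evaluation order, so no default is supplied` and, on the declaration of `var.custom_rules` (not shown in this diff), a `validation` block that rejects priorities outside Azure's 100–4096 range. Lower numbers are evaluated first, so a mistyped priority can place an allow rule ahead of the deny it was meant to sit behind. The resource block starts and ends outside the hunk.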