Allow specifying the running security groups for a space

GSA-TTS · Oct 10, 2024 · 8aead5c · 8aead5c
1 parent bc66708
commit 8aead5c
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -142,6 +142,10 @@ module "egress_space" {
   deployers = [
     var.cf_user
   ]
+  asg_names = [
+    "trusted_local_networks_egress",
+    "public_networks_egress"
+  ]
 }
 ```
 

diff --git a/cg_space/main.tf b/cg_space/main.tf
@@ -46,3 +46,21 @@ resource "cloudfoundry_space_users" "space_permissions" {
   managers   = local.manager_ids
   developers = local.developer_ids
 }
+
+###
+# Space Security Groups
+###
+
+data "cloudfoundry_asg" "asgs" {
+  for_each = var.asg_names
+  name     = each.key
+}
+
+locals {
+  asg_ids = [for asg in data.cloudfoundry_asg.asgs : asg.id]
+}
+
+resource "cloudfoundry_space_asgs" "running_security_groups" {
+  space        = cloudfoundry_space.space.id
+  running_asgs = local.asg_ids
+}
diff --git a/cg_space/tests/creation.tftest.hcl b/cg_space/tests/creation.tftest.hcl
@@ -22,6 +22,7 @@ mock_provider "cloudfoundry" {
 variables {
   cf_org_name   = "gsa-tts-devtools-prototyping"
   cf_space_name = "terraform-cloudgov-ci-tests-egress"
+  asg_names     = ["trusted_local_networks_egress"]
 }
 
 run "test_space_creation" {

diff --git a/cg_space/variables.tf b/cg_space/variables.tf
@@ -8,6 +8,12 @@ variable "cf_space_name" {
   description = "cloud.gov space name to create"
 }
 
+variable "asg_names" {
+  type        = set(string)
+  description = "list of security group names to apply to the Space"
+  default     = []
+}
+
 variable "managers" {
   type        = set(string)
   description = "list of cloud.gov users to be assigned to the SpaceManager role"