feat(sg): handle security_group_id and add example (#19)

* feat(sg): handle security_group_id and add example

Co-authored-by: Benoit Garcia <72207524+benoit-garcia@users.noreply.github.com>
Signed-off-by: jaime Bernabe <6184069+Monitob@users.noreply.github.com>

* Update examples/basic/main.tf

---------

Signed-off-by: jaime Bernabe <6184069+Monitob@users.noreply.github.com>
Co-authored-by: Benoit Garcia <72207524+benoit-garcia@users.noreply.github.com>

Author: Monitob

README.md

@@ -35,12 +35,16 @@ module "my_sg" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_create_sg"></a> [create_sg](#input_create_sg) | Whether you choose to create a new security group. Set to false if you want to use already existing group. | `bool` | `true` | no |
 | <a name="input_enable_default_security"></a> [enable_default_security](#input_enable_default_security) | Whether to block SMTP on IPv4/IPv6 (Port 25, 465, 587). Set to false will unblock SMTP if your account is authorized to. If your organization is not yet authorized to send SMTP traffic, open a support ticket. | `bool` | `true` | no |
 | <a name="input_inbound_default_policy"></a> [inbound_default_policy](#input_inbound_default_policy) | Default policy on incoming traffic. Possible values are: accept or drop. | `string` | `"drop"` | no |
 | <a name="input_inbound_rules"></a> [inbound_rules](#input_inbound_rules) | List of inbound rule to add to the security group. | ```list(object({ action = string protocol = string port = optional(number) port_range = optional(string) ip = optional(string) ip_range = optional(string) }))``` | ```[ { "action": null, "ip": null, "ip_range": null, "port": null, "port_range": null, "protocol": null } ]``` | no |
 | <a name="input_name"></a> [name](#input_name) | Name of the security group. | `string` | `null` | no |
 | <a name="input_outbound_default_policy"></a> [outbound_default_policy](#input_outbound_default_policy) | Default policy on outgoing traffic. Possible values are: accept or drop. | `string` | `"drop"` | no |
 | <a name="input_outbound_rules"></a> [outbound_rules](#input_outbound_rules) | List of outbound rule to add to the security group. | ```list(object({ action = string protocol = string port = optional(number) port_range = optional(string) ip = optional(string) ip_range = optional(string) }))``` | ```[ { "action": null, "ip": null, "ip_range": null, "port": null, "port_range": null, "protocol": null } ]``` | no |
+| <a name="input_security_group_description"></a> [security_group_description](#input_security_group_description) | Security Group description | `string` | `""` | no |
+| <a name="input_security_group_id"></a> [security_group_id](#input_security_group_id) | Whether you choose to use and existing security group. | `string` | `""` | no |
+| <a name="input_sg_tags"></a> [sg_tags](#input_sg_tags) | Additional tags for the Security Groups | `list(string)` | `[]` | no |
 | <a name="input_stateful"></a> [stateful](#input_stateful) | Boolean to specify whether the security group should be stateful or not. | `bool` | `true` | no |
 | <a name="input_tags"></a> [tags](#input_tags) | Tags associated with the security group and its rules. | `list(any)` | `[]` | no |
 
@@ -49,6 +53,9 @@ module "my_sg" {
 | Name | Description |
 |------|-------------|
 | <a name="output_group_id"></a> [group_id](#output_group_id) | ID of the security group. |
+| <a name="output_security_group_description"></a> [security_group_description](#output_security_group_description) | The description of the security group |
+| <a name="output_security_group_id"></a> [security_group_id](#output_security_group_id) | The ID of the security group |
+| <a name="output_security_group_name"></a> [security_group_name](#output_security_group_name) | The name of the security group |
 <!-- END_TF_DOCS -->
 
 ## Authors

examples/basic/README.md

@@ -0,0 +1,54 @@
+# Scaleway Security Group Terraform module
+
+Terraform module that can be used to deploy a Security Groups configuration with their rules on Scaleway. Common
+deployment examples can be found in [examples/](../../examples).
+
+This is a basic example showing how to use the module.
+
+## Usage
+
+The example below provision a basic Security Group configuration.
+
+``` hcl
+
+
+locals {
+  inbound_rules = [
+    {
+      action     = "accept"
+      ip_range   = "10.10.0.0/20"
+      port_range = "15-25"
+      protocol   = "TCP"
+    },
+    {
+      action   = "drop"
+      port     = 443
+      ip_range = "0.0.0.0/0"
+      protocol = "TCP"
+    }
+  ]
+  outbound_rules = [
+    {
+      action     = "accept"
+      port_range = "80-90"
+      ip_range   = "0.0.0.0/0"
+      protocol   = "TCP"
+    },
+    {
+      action   = "drop"
+      port     = 443
+      ip_range = "0.0.0.0/0"
+      protocol = "TCP"
+    }
+  ]
+}
+
+module "my_sg" {
+  source                     = "scaleway-terraform-modules/security_group/scaleway"
+  name                       = "my_security_group"
+  create_sg                  = true
+  security_group_description = "description"
+  inbound_rules              = local.inbound_rules
+  outbound_rules             = local.outbound_rules
+}
+```

examples/basic/main.tf

@@ -0,0 +1,58 @@
+provider "scaleway" {
+  region = "fr-par"
+  zone   = "fr-par-1"
+}
+
+locals {
+  name        = "example-module-security-group-and-rules-${basename(path.cwd)}"
+  description = "Security group with all available arguments set (this is just an example)"
+
+  tags = [
+    local.name,
+    "terraform-scaleway-security-group-module"
+  ]
+
+  create_sg = true
+
+  inbound_rules = [
+    {
+      action     = "accept"
+      ip_range   = "10.10.0.0/20"
+      port_range = "15-25"
+      protocol   = "TCP"
+    },
+    {
+      action   = "drop"
+      port     = 443
+      ip_range = "0.0.0.0/0"
+      protocol = "TCP"
+    }
+  ]
+  outbound_rules = [
+    {
+      action     = "accept"
+      port_range = "80-90"
+      ip_range   = "0.0.0.0/0"
+      protocol   = "TCP"
+    },
+    {
+      action   = "drop"
+      port     = 443
+      ip_range = "0.0.0.0/0"
+      protocol = "TCP"
+    }
+  ]
+}
+
+################################################################################
+# Security Group Module
+################################################################################
+module "sg" {
+  source                     = "../../"
+  name                       = local.name
+  create_sg                  = local.create_sg
+  security_group_description = local.description
+  tags                       = local.tags
+  inbound_rules              = local.inbound_rules
+  outbound_rules             = local.outbound_rules
+}

examples/basic/outputs.tf

@@ -0,0 +1,14 @@
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = module.sg.security_group_id
+}
+
+output "security_group_name" {
+  description = "The name of the security group"
+  value       = module.sg.security_group_name
+}
+
+output "security_group_description" {
+  description = "The description of the security group"
+  value       = module.sg.security_group_description
+}

examples/basic/variables.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    scaleway = {
+      source  = "scaleway/scaleway"
+      version = ">= 2.20"
+    }
+  }
+  required_version = ">= 0.13"
+}

examples/basic/versions.tf

@@ -1,36 +1,48 @@
+##################################
+# Get ID of created Security Group
+##################################
+locals {
+  this_sg_id = var.create_sg ? scaleway_instance_security_group.this[0].id : var.security_group_id
+}
+
 resource "scaleway_instance_security_group" "this" {
-  name     = var.name
-  stateful = var.stateful
+  count       = var.create_sg ? 1 : 0
+  name        = var.name
+  description = var.security_group_description
+  stateful    = var.stateful
 
   inbound_default_policy  = var.inbound_default_policy
   outbound_default_policy = var.outbound_default_policy
   enable_default_security = var.enable_default_security
   external_rules          = true
-  tags                    = var.tags
+  tags = concat(
+    var.tags,
+    var.sg_tags,
+  )
 }
 
 resource "scaleway_instance_security_group_rules" "this" {
-  security_group_id = scaleway_instance_security_group.this.id
+  security_group_id = local.this_sg_id
 
   dynamic "inbound_rule" {
     for_each = var.inbound_rules
     content {
-      action   = inbound_rule.value.action
-      ip_range = inbound_rule.value.ip_range
-      port     = inbound_rule.value.port
-      protocol = inbound_rule.value.protocol
-
+      action     = inbound_rule.value.action
+      ip_range   = inbound_rule.value.ip_range
+      port       = inbound_rule.value.port
+      port_range = inbound_rule.value.port_range
+      protocol   = inbound_rule.value.protocol
     }
   }
 
   dynamic "outbound_rule" {
     for_each = var.outbound_rules
     content {
-      action   = outbound_rule.value.action
-      ip_range = outbound_rule.value.ip_range
-      port     = outbound_rule.value.port
-      protocol = outbound_rule.value.protocol
-
+      action     = outbound_rule.value.action
+      ip_range   = outbound_rule.value.ip_range
+      port       = outbound_rule.value.port
+      port_range = outbound_rule.value.port_range
+      protocol   = outbound_rule.value.protocol
     }
   }
 }

main.tf

@@ -1,5 +1,19 @@
 output "group_id" {
   description = "ID of the security group."
-  sensitive   = false
-  value       = scaleway_instance_security_group.this.id
-}
+  value       = try(scaleway_instance_security_group.this[0].id, "")
+}
+
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = try(scaleway_instance_security_group.this[0].id, "")
+}
+
+output "security_group_name" {
+  description = "The name of the security group"
+  value       = try(scaleway_instance_security_group.this[0].name, "")
+}
+
+output "security_group_description" {
+  description = "The description of the security group"
+  value       = try(scaleway_instance_security_group.this[0].description, "")
+}

outputs.tf

@@ -1,9 +1,51 @@
+################################################################################
+# General
+################################################################################
+variable "create_sg" {
+  description = "Whether you choose to create a new security group. Set to false if you want to use already existing group."
+  type        = bool
+  default     = true
+}
+
+variable "security_group_id" {
+  description = "Whether you choose to use and existing security group."
+  default     = ""
+  type        = string
+}
+
+variable "enable_default_security" {
+  description = "Whether to block SMTP on IPv4/IPv6 (Port 25, 465, 587). Set to false will unblock SMTP if your account is authorized to. If your organization is not yet authorized to send SMTP traffic, open a support ticket."
+  type        = bool
+  default     = true
+}
+
+variable "tags" {
+  description = "Tags associated with the security group and its rules."
+  type        = list(any)
+  default     = []
+}
+
+variable "sg_tags" {
+  description = "Additional tags for the Security Groups"
+  type        = list(string)
+  default     = []
+}
+
 variable "name" {
   description = "Name of the security group."
   type        = string
   default     = null
 }
 
+################################################################################
+# Security Group
+################################################################################
+variable "security_group_description" {
+  description = "Security Group description"
+  type        = string
+  default     = ""
+}
+
 variable "stateful" {
   description = "Boolean to specify whether the security group should be stateful or not."
   type        = bool
@@ -32,6 +74,9 @@ variable "outbound_default_policy" {
   }
 }
 
+################################################################################
+# Security Group Rules
+################################################################################
 variable "inbound_rules" {
   description = "List of inbound rule to add to the security group."
   type = list(object({
@@ -75,15 +120,3 @@ variable "outbound_rules" {
     }
   ]
 }
-
-variable "enable_default_security" {
-  description = "Whether to block SMTP on IPv4/IPv6 (Port 25, 465, 587). Set to false will unblock SMTP if your account is authorized to. If your organization is not yet authorized to send SMTP traffic, open a support ticket."
-  type        = bool
-  default     = true
-}
-
-variable "tags" {
-  description = "Tags associated with the security group and its rules."
-  type        = list(any)
-  default     = []
-}