# Security groups lb-frontend
resource "openstack_networking_secgroup_v2" "lb-dco" {
  name        = "lb-frontend"
  description = "Ingress lb traffic to allow."
  provider=openstack.dco
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "8443"
  port_range_max    = "8443"
  provider          = openstack.dco
  remote_ip_prefix  = "87.251.31.118/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule2_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "16443"
  port_range_max    = "16443"
  provider          = openstack.dco
  remote_ip_prefix  = "87.251.31.118/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

# From mgmt1

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule3_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "16443"
  port_range_max    = "16443"
  provider          = openstack.dco
  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}



resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule4_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "80"
  port_range_max    = "80"
  provider          = openstack.dco
  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule5_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "443"
  port_range_max    = "443"
  provider          = openstack.dco
  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule6_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "8443"
  port_range_max    = "8443"
  provider          = openstack.dco
  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule7_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "8080"
  port_range_max    = "8080"
  provider          = openstack.dco
  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule8_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "16443"
  port_range_max    = "16443"
  provider          = openstack.dco
  remote_ip_prefix  = "89.47.184.88/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}

resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule9_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "16443"
  port_range_max    = "16443"
  provider          = openstack.dco
  remote_ip_prefix  = "130.242.121.23/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}