# Lookups of security groups that already exist in the project.
# They are resolved by name and are not managed by this configuration.

# Existing SUNET "ssh-from-jumphost" security group.
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
  name = "ssh-from-jumphost"
}

# Existing "allegress" security group.
# NOTE(review): presumably permits all outbound traffic; confirm against the
# group's actual rules before relying on it.
data "openstack_networking_secgroup_v2" "allegress" {
  name = "allegress"
}

# Security groups created by this configuration.

# Group for the microk8s nodes. delete_default_rules removes the rules
# OpenStack adds to every new group, so only the rules declared below apply.
resource "openstack_networking_secgroup_v2" "kubenode" {
  name                 = "kubenode"
  description          = "Securitygroup for microk8s nodes"
  delete_default_rules = true
}

# The four kubenode rules set neither a protocol nor a port range, so each
# one matches all traffic of its ethertype. The peer is always the kubenode
# group itself: members may talk freely to each other and to nobody else
# through this group. Group membership is therefore the trust boundary.

# Inbound IPv4 from other kubenode members.
resource "openstack_networking_secgroup_rule_v2" "kubeingressv4" {
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  direction         = "ingress"
  ethertype         = "IPv4"
}

# Inbound IPv6 from other kubenode members.
resource "openstack_networking_secgroup_rule_v2" "kubeingressv6" {
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  direction         = "ingress"
  ethertype         = "IPv6"
}

# Outbound IPv4, limited to other kubenode members. Traffic to any other
# destination has to be permitted by a different group on the instance.
resource "openstack_networking_secgroup_rule_v2" "kubeegressv4" {
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  direction         = "egress"
  ethertype         = "IPv4"
}

# Outbound IPv6, limited to other kubenode members.
resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" {
  security_group_id = openstack_networking_secgroup_v2.kubenode.id
  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
  direction         = "egress"
  ethertype         = "IPv6"
}

# Group for the load balancer nodes, used to allow VRRP traffic between
# them. Default rules are removed here as well, and only ingress rules are
# declared below, so this group on its own permits no outbound traffic.
# NOTE(review): outgoing VRRP advertisements presumably rely on another group
# attached to the same instances (e.g. allegress); confirm.
resource "openstack_networking_secgroup_v2" "lbnode" {
  name                 = "lbnode"
  description          = "Securitygroup for load balancer nodes"
  delete_default_rules = true
}

# Inbound VRRP over IPv4, accepted only from other lbnode members.
resource "openstack_networking_secgroup_rule_v2" "vrrpingress" {
  security_group_id = openstack_networking_secgroup_v2.lbnode.id
  remote_group_id   = openstack_networking_secgroup_v2.lbnode.id
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "vrrp"
}

# Inbound VRRP over IPv6, accepted only from other lbnode members.
resource "openstack_networking_secgroup_rule_v2" "vrrpingressv6" {
  security_group_id = openstack_networking_secgroup_v2.lbnode.id
  remote_group_id   = openstack_networking_secgroup_v2.lbnode.id
  direction         = "ingress"
  ethertype         = "IPv6"
  protocol          = "vrrp"
}