From 57d971605a0aefd08485bd5e9bb7b942eb456934 Mon Sep 17 00:00:00 2001 From: Simon Pearce Date: Wed, 22 Jan 2025 09:37:59 +0100 Subject: [PATCH] move port to application add secgroups to port config --- vpnaas/main.tf | 6 +++-- vpnaas/modules/application/main.tf | 31 ++++++++++++++++++++----- vpnaas/modules/application/variables.tf | 12 ++++++---- vpnaas/modules/network/main.tf | 11 --------- vpnaas/modules/network/output.tf | 8 +++++-- 5 files changed, 43 insertions(+), 25 deletions(-) diff --git a/vpnaas/main.tf b/vpnaas/main.tf index e8c4cbc..29a1836 100644 --- a/vpnaas/main.tf +++ b/vpnaas/main.tf @@ -36,7 +36,8 @@ module "application_ham1" { app_depends_on = [module.network_ham1.subnet] region = "ham1" public_key = var.public_key - port_id = module.network_ham1.instance_port_id + network_id = module.network_ham1.network_id + subnet_id = module.network_ham1.subnet_id } # Deploy infrastructure to dus2 @@ -52,7 +53,8 @@ module "application_dus2" { app_depends_on = [module.network_dus2.subnet] region = "dus2" public_key = var.public_key - port_id = module.network_dus2.instance_port_id + network_id = module.network_dus2.network_id + subnet_id = module.network_dus2.subnet_id } # VPN Site-to-Site connections diff --git a/vpnaas/modules/application/main.tf b/vpnaas/modules/application/main.tf index e4128e0..80ac4f3 100644 --- a/vpnaas/modules/application/main.tf +++ b/vpnaas/modules/application/main.tf @@ -3,10 +3,6 @@ provider "openstack" { region = var.region } -data "openstack_networking_network_v2" "ext_net" { - name = "ext-net" -} - # Select latest Openstack Ubuntu Image data "openstack_images_image_v2" "image" { most_recent = true @@ -18,6 +14,14 @@ data "openstack_images_image_v2" "image" { } } +data "openstack_networking_network_v2" "ext_net" { + name = "ext-net" +} + +data "openstack_networking_secgroup_v2" "default" { + name = "default" +} + # Create SSH Key resource "openstack_compute_keypair_v2" "application" { name = var.name 
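Review bot: `app_depends_on = [module.network_ham1.subnet]` in `module "application_ham1"` looks redundant now that the added `network_id` and `subnet_id` arguments reference outputs of `module.network_ham1`, which already orders the port, and through it the instance, after the network and subnet. The same applies to `module "application_dus2"` in the next hunk. If the explicit dependency is kept on purpose, a comment such as `# explicit ordering: instance must wait for the subnet` would record why. Both module blocks begin above their hunks, so their other arguments are not visible here.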
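Review bot: The added `data "openstack_networking_secgroup_v2" "default"` selects the group by `name = "default"` alone, and every OpenStack project has a group with that name. With credentials scoped to a single project this resolves to one group, but with credentials that can list groups across projects the lookup can match several, which I would expect to fail the plan rather than pick one. Pinning the owner removes the ambiguity, for example `tenant_id = "<PROJECT_ID>"` (placeholder) next to `name`. A one-line comment above the data source saying why the project default group is needed on the instance port would also help the next reader.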
@@ -50,6 +54,21 @@ resource "openstack_networking_secgroup_rule_v2" "icmp_rule" { security_group_id = openstack_networking_secgroup_v2.application_secgroup.id } +# Create a Network Port for instance +resource "openstack_networking_port_v2" "network" { + name = var.name + admin_state_up = "true" + network_id = var.network_id + security_group_ids = [ + openstack_networking_secgroup_v2.application_secgroup.id, + data.openstack_networking_secgroup_v2.default.id, + ] + + fixed_ip { + subnet_id = var.subnet_id + } +} + # Create VM instance with a floating IP resource "openstack_compute_instance_v2" "application" { depends_on = [var.app_depends_on] @@ -57,10 +76,10 @@ resource "openstack_compute_instance_v2" "application" { image_name = var.image_name != null ? var.image_name : data.openstack_images_image_v2.image.name flavor_name = var.flavor key_pair = openstack_compute_keypair_v2.application.name - security_groups = ["unicorn_secgroup","default"] network { name = var.network + port = openstack_networking_port_v2.network.id } } @@ -70,5 +89,5 @@ resource "openstack_networking_floatingip_v2" "application" { resource "openstack_networking_floatingip_associate_v2" "application" { floating_ip = openstack_networking_floatingip_v2.application.address - port_id = var.port_id + port_id = openstack_networking_port_v2.network.id } diff --git a/vpnaas/modules/application/variables.tf b/vpnaas/modules/application/variables.tf index 4ffa1fb..27682a7 100644 --- a/vpnaas/modules/application/variables.tf +++ b/vpnaas/modules/application/variables.tf @@ -18,6 +18,14 @@ variable "network" { default = "unicorn" } +variable "network_id" { + type = string +} + +variable "subnet_id" { + type = string +} + variable "public_key" { type = string } @@ -27,10 +35,6 @@ variable "flavor" { default = "m2.tiny" } -variable "port_id" { - type = string -} - variable "app_depends_on" { type = any default = null 
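Review bot: In `openstack_networking_port_v2.network`, `security_group_ids` attaches the project's `default` group next to `application_secgroup`, and this same port gets the floating IP in the last hunk of this file. The effective ingress policy of the public address therefore depends on rules that this configuration does not manage and that can be changed outside Terraform. If `application_secgroup` already carries every rule the instance needs, drop `data.openstack_networking_secgroup_v2.default.id` from the list. Otherwise add a comment such as `# default group kept for intra-project traffic; its rules are managed outside this module`. The rules of `application_secgroup` are mostly outside this hunk, so I cannot tell which of the two applies.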
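Review bot: The `network` block of `openstack_compute_instance_v2.application` now sets both `name = var.network` and `port = openstack_networking_port_v2.network.id`, although the port alone determines which network the instance is attached to. `var.network` still defaults to `"unicorn"` and is independent of `var.network_id`, so the two can disagree without any error pointing at the cause. I would remove `name = var.network` here and, if nothing else uses it, the `network` variable as well. Removing `security_groups` from the instance is consistent with putting the groups on the port. The resource begins above this hunk.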
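Review bot: The new `network_id` and `subnet_id` variables in `vpnaas/modules/application/variables.tf` have no `description`, so a caller cannot tell that they must name the network and subnet the instance port is created on. Suggested additions are `description = "ID of the network the instance port is created on"` and `description = "ID of the subnet the port takes its fixed IP from"`. The new `subnet_id` and `network_id` outputs in `vpnaas/modules/network/output.tf` would benefit from matching descriptions.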
diff --git a/vpnaas/modules/network/main.tf b/vpnaas/modules/network/main.tf index 1ad648b..7c84604 100644 --- a/vpnaas/modules/network/main.tf +++ b/vpnaas/modules/network/main.tf @@ -21,17 +21,6 @@ resource "openstack_networking_subnet_v2" "network" { dns_nameservers = ["8.8.8.8", "8.8.4.4"] } -# Create Network Port for instance -resource "openstack_networking_port_v2" "network" { - name = var.name - admin_state_up = "true" - network_id = openstack_networking_network_v2.network.id - - fixed_ip { - subnet_id = openstack_networking_subnet_v2.network.id - } -} - # Create Network Router resource "openstack_networking_router_v2" "network" { name = var.name diff --git a/vpnaas/modules/network/output.tf b/vpnaas/modules/network/output.tf index e387062..c0e2942 100644 --- a/vpnaas/modules/network/output.tf +++ b/vpnaas/modules/network/output.tf @@ -2,8 +2,12 @@ output "subnet" { value = openstack_networking_subnet_v2.network } -output "instance_port_id" { - value = openstack_networking_port_v2.network.id +output "subnet_id" { + value = openstack_networking_subnet_v2.network.id +} + +output "network_id" { + value = openstack_networking_network_v2.network.id } output "vpnservice_id" {