From a96af024a009158d96e6103116b41256c961c48b Mon Sep 17 00:00:00 2001 From: "francesco.mangiacrapa" Date: Fri, 24 Nov 2023 09:51:04 +0100 Subject: [PATCH] Added list of security groups and updated the geoserver.tf --- .../d4s-dev/variables/variables-dev.tf | 114 +++++++++++------- openstack-tf/modules/geoserver/geoserver.tf | 4 +- 2 files changed, 72 insertions(+), 46 deletions(-) diff --git a/openstack-tf/d4s-dev/variables/variables-dev.tf b/openstack-tf/d4s-dev/variables/variables-dev.tf index c033677..501738a 100644 --- a/openstack-tf/d4s-dev/variables/variables-dev.tf +++ b/openstack-tf/d4s-dev/variables/variables-dev.tf @@ -7,13 +7,13 @@ variable "os_project_data" { } variable "dns_zone" { - type = map(string) + type = map(string) default = { - zone_name = "cloud-dev.d4science.org." - email = "postmaster@isti.cnr.it" + zone_name = "cloud-dev.d4science.org." + email = "postmaster@isti.cnr.it" description = "DNS primary zone for the d4s-dev-cloud project" - ttl = 8600 - } + ttl = 8600 + } } variable "dns_zone_id" { 
@@ -28,62 +28,62 @@ variable "default_security_group_name" { variable "main_private_network" { type = map(string) default = { - name = "d4s-dev-cloud-main" + name = "d4s-dev-cloud-main" description = "D4Science DEV private network (use this as the main network)" - } + } } variable "main_private_subnet" { type = map(string) default = { - name = "d4s-dev-cloud-sub" - description = "D4Science DEV main private subnet" - cidr = "10.1.28.0/22" - gateway_ip = "10.1.28.1" + name = "d4s-dev-cloud-sub" + description = "D4Science DEV main private subnet" + cidr = "10.1.28.0/22" + gateway_ip = "10.1.28.1" allocation_start = "10.1.28.30" - allocation_end = "10.1.31.254" - } + allocation_end = "10.1.31.254" + } } variable "external_router" { type = map(string) default = { - name = "d4s-dev-cloud-external-router" + name = "d4s-dev-cloud-external-router" description = "D4Science DEV main router" - id = "2ae28c5f-036b-45db-bc9f-5bab8fa3e914" - } + id = "2ae28c5f-036b-45db-bc9f-5bab8fa3e914" + } } variable "main_haproxy_l7_ip" { - type = list(string) + type = list(string) default = ["10.1.28.50", "10.1.30.241"] } variable "octavia_information" { type = map(string) default = { - main_lb_name = "lb-dev-l4" + main_lb_name = "lb-dev-l4" main_lb_description = "Main L4 load balancer for the D4Science DEV" - octavia_flavor = "octavia_amphora-mvcpu-ha" - octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" - main_lb_hostname = "main-lb" + octavia_flavor = "octavia_amphora-mvcpu-ha" + octavia_flavor_id = "394988b5-6603-4a1e-a939-8e177c6681c7" + main_lb_hostname = "main-lb" } } variable "basic_services_ip" { type = map(string) default = { - ca = "10.1.29.247" - ca_cidr = "10.1.29.247/32" - ssh_jump = "10.1.29.164" - ssh_jump_cidr = "10.1.29.164/32" - prometheus = "10.1.30.129" - prometheus_cidr = "10.1.30.129/32" - haproxy_l7_1 = "10.1.28.50" + ca = "10.1.29.247" + ca_cidr = "10.1.29.247/32" + ssh_jump = "10.1.29.164" + ssh_jump_cidr = "10.1.29.164/32" + prometheus = "10.1.30.129" + 
prometheus_cidr = "10.1.30.129/32" + haproxy_l7_1 = "10.1.28.50" haproxy_l7_1_cidr = "10.1.28.50/32" - haproxy_l7_2 = "10.1.30.241" + haproxy_l7_2 = "10.1.30.241" haproxy_l7_2_cidr = "10.1.30.241/32" - octavia_main = "10.1.28.227" + octavia_main = "10.1.28.227" octavia_main_cidr = "10.1.28.227/32" } } 
@@ -91,29 +91,55 @@ variable "basic_services_ip" { variable "orientdb_net" { type = map(string) default = { - network_name = "orientdb-net" - network_description = "Network used by the OrientDB cluster and to access the service" - network_cidr = "192.168.10.0/24" - allocation_pool_start = "192.168.10.11" - allocation_pool_end = "192.168.10.254" - } + network_name = "orientdb-net" + network_description = "Network used by the OrientDB cluster and to access the service" + network_cidr = "192.168.10.0/24" + allocation_pool_start = "192.168.10.11" + allocation_pool_end = "192.168.10.254" + } } variable "orientdb_se_net" { type = map(string) default = { - network_name = "orientdb-se-net" - network_description = "Network used by the OrientDB for Smart Executor" - network_cidr = "192.168.12.0/24" - allocation_pool_start = "192.168.12.11" - allocation_pool_end = "192.168.12.254" - } + network_name = "orientdb-se-net" + network_description = "Network used by the OrientDB for Smart Executor" + network_cidr = "192.168.12.0/24" + allocation_pool_start = "192.168.12.11" + allocation_pool_end = "192.168.12.254" + } } variable "orientdb_se_secgroup" { - default = "access_to_orientdb_se" + default = "access_to_orientdb_se" } variable "postgresql_secgroup" { - default = "PostgreSQL service" + default = "PostgreSQL service" +} + +#Added by Francesco +variable "security_group_list" { + type = map(string) + default = { + postgreSQL = "PostgreSQL service" + acaland = "acaland's dev machine" + haproxy = "HAPROXY L7" + access_to_orientdb = "access_to_orientdb" + dataminer-publish = "dataminer-publish" + docker_swarm_NFS = "Docker Swarm NFS" + public_HTTPS = "Public HTTPS" + haproxy = "HAPROXY L7" + orientdb_internal_docker_traffic = "orientdb_internal_docker_traffic" + limited_SSH_access = "Limited SSH access" + access_to_the_timescaledb_service = "access_to_the_timescaledb_service" + docker_swarm = "Docker Swarm" + http_and_https_from_the_load_balancers = "http and https from the load 
balancers" + limited_HTTPS_access = "Limited HTTPS access" + mongo = "mongo" + limited_SSH_access = "Limited SSH access" + default = "default" + cassandra = "Cassandra" + access_to_orientdb_se = "access_to_orientdb_se" + } } diff --git a/openstack-tf/modules/geoserver/geoserver.tf b/openstack-tf/modules/geoserver/geoserver.tf index 5fd8369..a6a1433 100644 --- a/openstack-tf/modules/geoserver/geoserver.tf +++ b/openstack-tf/modules/geoserver/geoserver.tf @@ -1,4 +1,4 @@ -#Geoserver attached volume - used for 'geoserver_data' +# Geoserver attached volume - used for 'geoserver_data' resource "openstack_blockstorage_volume_v3" "geoserver_data_vol" { name = var.geoserver_basic_data.vol_data_name size = var.geoserver_basic_data.vol_data_size @@ -10,7 +10,7 @@ resource "openstack_compute_instance_v2" "geoserver" { availability_zone_hints = var.availability_zones_names.availability_zone_no_gpu flavor_name = var.geoserver_basic.flavor key_pair = var.ssh_key_file.name - security_groups = [var.default_security_group_name] + security_groups = [var.security_group_list.default, var.security_group_list.http_and_https_from_the_load_balancers] block_device { uuid = var.ubuntu_1804.uuid source_type = "image"
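Review bot: The new `security_group_list` default declares `haproxy` and `limited_SSH_access` twice each; the values match today, but a later edit to only one copy would make it unclear which group name an instance ends up with, so the second occurrence of each should be dropped. The map also repeats names that already have their own variables in this file (`postgresql_secgroup`, `orientdb_se_secgroup`), which gives the same group two sources of truth. The variable has no `description`, and `#Added by Francesco` says nothing about its purpose. I would replace the comment with `description = "Security group names in the d4s-dev project, keyed by alias"` and note whether these groups are managed by Terraform or only referenced by name, which this hunk does not show.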
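Review bot: The `security_groups` line of `openstack_compute_instance_v2.geoserver` now reads the default group from `var.security_group_list.default`, while `variable "default_security_group_name"` is still declared in variables-dev.tf (it appears in a hunk header), so the default group name has two definitions that can drift apart. Either keep `var.default_security_group_name` here or retire the old variable in the same change. Because this line decides which traffic can reach the GeoServer instance, a comment such as `# ingress: HTTP/HTTPS from the load balancers only, plus the project default group` would help, assuming that is what the group rules allow; the rules are not visible on this page. The resource body starts and ends outside the hunk, so whether the module declares `security_group_list` cannot be checked from here.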