support for multiple extra seclists

Signed-off-by: junior <junior@users.noreply.github.com>

Author: junior

defaults.tf

@@ -103,7 +103,7 @@ locals {
     #   alternative_route_table    = null # Optional, Name of the previously created route table
     #   dhcp_options_id            = module.vcn.default_dhcp_options_id # If null, the VCN's default set of DHCP options is used
     #   security_list_ids          = [module.security_lists["opensearch_security_list"].security_list_id] # If null, the VCN's default security list is used
-    #   alternative_security_list  = null # Optional, Name of the previously created security list
+    #   extra_security_list_names  = [] # Optional, Names of the previously created security lists
     #   ipv6cidr_block             = null # If null, no IPv6 CIDR block is assigned
     # },
   ]

main.tf

@@ -208,7 +208,7 @@ locals {
       alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_endpoint_security_list"].security_list_id]
-      alternative_security_list  = null
+      extra_security_list_names  = anytrue([(var.extra_security_list_name_for_api_endpoint == ""), (var.extra_security_list_name_for_api_endpoint == null)]) ? [] : [var.extra_security_list_name_for_api_endpoint]
       ipv6cidr_block             = null
     },
     {
@@ -222,7 +222,7 @@ locals {
       alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_nodes_security_list"].security_list_id]
-      alternative_security_list  = null
+      extra_security_list_names  = anytrue([(var.extra_security_list_name_for_nodes == ""), (var.extra_security_list_name_for_nodes == null)]) ? [] : [var.extra_security_list_name_for_nodes]
       ipv6cidr_block             = null
     },
     {
@@ -236,7 +236,7 @@ locals {
       alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_lb_security_list"].security_list_id]
-      alternative_security_list  = null
+      extra_security_list_names  = []
       ipv6cidr_block             = null
     }
   ]
@@ -252,7 +252,7 @@ locals {
       alternative_route_table    = null
       dhcp_options_id            = module.vcn.default_dhcp_options_id
       security_list_ids          = [module.security_lists["oke_pod_network_security_list"].security_list_id]
-      alternative_security_list  = null
+      extra_security_list_names  = []
       ipv6cidr_block             = null
   }] : []
   subnet_bastion           = []

oci-networking.tf

@@ -66,12 +66,14 @@ module "subnets" {
   prohibit_internet_ingress  = each.value.prohibit_internet_ingress
   route_table_id = (anytrue([(each.value.alternative_route_table == ""), (each.value.alternative_route_table == null)])
     ? each.value.route_table_id
-  : module.route_tables[each.value.alternative_route_table].route_table_id)                                                    # If null, the VCN's default route table is used
-  dhcp_options_id = each.value.dhcp_options_id                                                                                 # If null, the VCN's default set of DHCP options is used
-  security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
-    ? each.value.security_list_ids
-  : [module.security_lists[each.value.alternative_security_list].security_list_id])
-  ipv6cidr_block = each.value.ipv6cidr_block # If null, no IPv6 CIDR block is assigned
+  : module.route_tables[each.value.alternative_route_table].route_table_id)                                                                             # If null, the VCN's default route table is used
+  dhcp_options_id   = each.value.dhcp_options_id                                                                                                        # If null, the VCN's default set of DHCP options is used
+  security_list_ids = concat(each.value.security_list_ids, [for v in each.value.extra_security_list_names : module.security_lists[v].security_list_id]) # If null, the VCN's default security list is used
+  ipv6cidr_block    = each.value.ipv6cidr_block                                                                                                         # If null, no IPv6 CIDR block is assigned
+
+  #   security_list_ids = (anytrue([(each.value.alternative_security_list == ""), (each.value.alternative_security_list == null)]) # If null, the VCN's default security list is used
+  #   ? each.value.security_list_ids
+  # : [module.security_lists[each.value.alternative_security_list].security_list_id])
 }
 
 ################################################################################

variables.tf

@@ -107,6 +107,14 @@ variable "extra_security_lists" {
   default     = []
   description = "Extra security lists to be created."
 }
+variable "extra_security_list_name_for_api_endpoint" {
+  default     = null
+  description = "Extra security list name previosly created to be used by the K8s API Endpoint Subnet."
+}
+variable "extra_security_list_name_for_nodes" {
+  default     = null
+  description = "Extra security list name previosly created to be used by the Nodes Subnet."
+}
 
 ################################################################################
 # Variables: OKE Network