Added new module for nsg and nsr (#423)

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Added new module for nsg and nsr

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.me and added validations

* Updated readme.md

* Updated readme.md

* Updated readme.md

* Updated readme.md

* Added module to release-please

Author: JulianGV21

modules/azure-nsg-nsr/README.MD

@@ -0,0 +1,101 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.7.0 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 4.16.0 |
+
+---
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >= 4.16.0 |
+
+---
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_network_security_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.16.0/docs/resources/network_security_group) | resource |
+| [azurerm_network_security_rule.this](https://registry.terraform.io/providers/hashicorp/azurerm/4.16.0/docs/resources/network_security_rule) | resource |
+
+---
+
+## Inputs
+
+### Network Security Group Configuration
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| `name` | The name of the Network Security Group. | `string` | - | yes |
+| `location` | The Azure region where the NSG will be created. | `string` | - | yes |
+| `resource_group_name` | The name of the resource group in which to create the NSG. | `string` | - | yes |
+| `tags` | A map of tags to assign to the NSG. | `map(string)` | `{}` | no |
+
+### Network Security Rules
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| `name` | The name of the security rule. | `string` | - | yes |
+| `priority` | The priority of the rule. | `number` | - | yes |
+| `direction` | The direction of the rule (Inbound/Outbound). | `string` | - | yes |
+| `access` | The access type (Allow/Deny). | `string` | - | yes |
+| `protocol` | The network protocol (Tcp, Udp, Icmp, etc.). | `string` | - | yes |
+| `source_port_range` | The source port range. | `string` | - | show bellow |
+| `source_port_ranges` | A list of source port ranges. | `list(string)` | - | show bellow |
+| `destination_port_range` | The destination port range. | `string` | - | show bellow |
+| `destination_port_ranges` | A list of destination port ranges. | `list(string)` | - | show bellow |
+| `source_address_prefix` | The source address prefix. | `string` | - | show bellow |
+| `source_address_prefixes` | A list of source address prefixes. | `list(string)` | - | show bellow |
+| `destination_address_prefix` | The destination address prefix. | `string` | - | show bellow |
+| `destination_address_prefixes` | A list of destination address prefixes. | `list(string)` | - | show bellow |
+
+**source_port_range** and **source_port_ranges** are required to have at least one of them but you can't have both at the same time.
+
+**destination_port_range** and **destination_port_ranges** are required to have at least one of them but you can't have both at the same time.
+
+**source_address_prefix** and **source_address_prefixes** are required to have at least one of them but you can't have both at the same time.
+
+**destination_address_prefix** and **destination_address_prefixes** are required to have at least one of them but you can't have both at the same time.
+
+## Example Usage
+
+```hcl
+
+nsg = {
+  name                = "example-nsg"
+  location            = "East US"
+  resource_group_name = "example-rg"
+  tags = {
+    env = "Production"
+  }
+}
+
+rules = {
+  rule1 = {
+    name                       = "AllowSSH"
+    priority                   = 100
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = "10.0.0.0/24"
+    destination_address_prefix = "*"
+  }
+  rule2 = {
+    name                       = "AllowHTTP"
+    priority                   = 200
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "80"
+    source_address_prefix      = "0.0.0.0/0"
+    destination_address_prefix = "*"
+  }
+}
+```

modules/azure-nsg-nsr/main.tf

@@ -0,0 +1,28 @@
+# RESOURCES SECTION
+# https://registry.terraform.io/providers/hashicorp/azurerm/4.16.0/docs/resources/network_security_group
+resource "azurerm_network_security_group" "this" {
+  name                = var.nsg.name
+  location            = var.nsg.location
+  resource_group_name = var.nsg.resource_group_name
+  tags                = var.nsg.tags
+}
+
+# https://registry.terraform.io/providers/hashicorp/azurerm/4.16.0/docs/resources/network_security_rule
+resource "azurerm_network_security_rule" "this" {
+  for_each                     = var.rules
+  name                         = each.value.name
+  priority                     = each.value.priority
+  direction                    = each.value.direction
+  access                       = each.value.access
+  protocol                     = each.value.protocol
+  source_port_range            = each.value.source_port_range
+  source_port_ranges           = each.value.source_port_ranges
+  destination_port_range       = each.value.destination_port_range
+  destination_port_ranges      = each.value.destination_port_ranges
+  source_address_prefix        = each.value.source_address_prefix
+  source_address_prefixes      = each.value.source_address_prefixes
+  destination_address_prefix   = each.value.destination_address_prefix
+  destination_address_prefixes = each.value.destination_address_prefixes
+  resource_group_name          = var.nsg.resource_group_name
+  network_security_group_name  = var.nsg.name
+}

modules/azure-nsg-nsr/outputs.tf

@@ -0,0 +1,4 @@
+# OUTPUTS SECTION
+output "id" {
+  value = azurerm_network_security_group.this.id
+}

modules/azure-nsg-nsr/variables.tf

@@ -0,0 +1,65 @@
+# VARIABLES SECTION
+variable "nsg" {
+  description = "Network Security Group configuration"
+  type = object({
+    name                = string
+    location            = string
+    resource_group_name = string
+    tags                = optional(map(string))
+  })
+}
+
+variable "rules" {
+  description = "Network Security Rule configuration"
+  type = map(object({
+    name                         = string
+    priority                     = number
+    direction                    = string
+    access                       = string
+    protocol                     = string
+    source_port_range            = optional(string)
+    source_port_ranges           = optional(list(string))
+    destination_port_range       = optional(string)
+    destination_port_ranges      = optional(list(string))
+    source_address_prefix        = optional(string)
+    source_address_prefixes      = optional(list(string))
+    destination_address_prefix   = optional(string)
+    destination_address_prefixes = optional(list(string))
+  }))
+  validation {
+    condition = alltrue([
+      for rule in var.rules :
+      (rule.source_port_range == null || rule.source_port_ranges == null)
+      || (rule.source_port_range != null && rule.source_port_ranges == null)
+      || (rule.source_port_range == null && rule.source_port_ranges != null)
+    ])
+    error_message = "Only one of 'source_port_range' or 'source_port_ranges' can be specified for each rule."
+  }
+  validation {
+    condition = alltrue([
+      for rule in var.rules :
+      (rule.destination_port_range == null || rule.destination_port_ranges == null)
+      || (rule.destination_port_range != null && rule.destination_port_ranges == null)
+      || (rule.destination_port_range == null && rule.destination_port_ranges != null)
+    ])
+    error_message = "Only one of 'destination_port_range' or 'destination_port_ranges' can be specified for each rule."
+  }
+  validation {
+    condition = alltrue([
+      for rule in var.rules :
+      (rule.source_address_prefix == null || rule.source_address_prefixes == null)
+      || (rule.source_address_prefix != null && rule.source_address_prefixes == null)
+      || (rule.source_address_prefix == null && rule.source_address_prefixes != null)
+    ])
+    error_message = "Only one of 'source_adress_prefix' or 'source_adress_prefixes' can be specified for each rule."
+  }
+  validation {
+    condition = alltrue([
+      for rule in var.rules :
+      (rule.destination_address_prefix == null || rule.destination_address_prefixes == null)
+      || (rule.destination_address_prefix != null && rule.destination_address_prefixes == null)
+      || (rule.destination_address_prefix == null && rule.destination_address_prefixes != null)
+    ])
+    error_message = "Only one of 'destination_adress_prefix' or 'destination_adress_prefixes' can be specified for each rule."
+  }
+}

modules/azure-nsg-nsr/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.7.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 4.16.0"
+    }
+  }
+}

release-please-config.json

@@ -74,6 +74,9 @@
         },
         "modules/azure-public-prefix": {
             "package-name": "azure-public-prefix"
+        },
+        "modules/azure-nsg-nsr": {
+            "package-name": "azure-nsg-nsr"
         }
     }
 }