Add network security folder

Author: numbersixnz

network_security/README.md

@@ -0,0 +1,7 @@
+# Instructions
+
+- Enable Flow within Prism Central
+- Rename *terraform.tfvars-example* to *terraform.tfvars* and edit to match your environment
+- terraform init
+- terraform plan
+- terraform apply -auto-approve

network_security/images.tf

@@ -0,0 +1,5 @@
+resource "nutanix_image" "image" {
+  name        = "Arch Linux"
+  description = "Arch-Linux-x86_64-basic-20210401.18564"
+  source_uri  = var.image_uri
+}

network_security/main.tf

@@ -0,0 +1,23 @@
+terraform {
+  required_providers {
+    nutanix = {
+      source  = "nutanix/nutanix"
+      version = "1.2.0"
+    }
+  }
+}
+
+provider "nutanix" {
+  username     = var.user
+  password     = var.password
+  endpoint     = var.endpoint
+  insecure     = true
+  wait_timeout = 60
+}
+
+data "nutanix_cluster" "cluster" {
+  name = var.cluster_name
+}
+data "nutanix_subnet" "subnet" {
+  subnet_name = var.subnet_name
+}

network_security/policies.tf

@@ -0,0 +1,20 @@
+resource "nutanix_network_security_rule" "isolation" {
+    name        = "example-isolation-rule"
+    description = "Isolation Rule Example"
+
+    isolation_rule_action = "MONITOR"
+
+    isolation_rule_first_entity_filter_kind_list = ["vm"]
+    isolation_rule_first_entity_filter_type      = "CATEGORIES_MATCH_ALL"
+    isolation_rule_first_entity_filter_params {
+        name   = "Environment"
+        values = ["Dev"]
+    }
+
+    isolation_rule_second_entity_filter_kind_list = ["vm"]
+    isolation_rule_second_entity_filter_type      = "CATEGORIES_MATCH_ALL"
+    isolation_rule_second_entity_filter_params {
+        name   = "Environment"
+        values = ["Production"]
+    }
+}

network_security/terraform.tfvars-example

@@ -0,0 +1,6 @@
+cluster_name = "Cluster Name"
+subnet_name  = "Primary"
+user         = "Admin level account to Prism Central"
+password     = "Password for admin level acces to Priscm Central"
+endpoint     = "IP address or FQDN of Prism Central"
+image_uri    = "https://mirror.pkgbuild.com/images/v20210515.22945/Arch-Linux-x86_64-basic-20210515.22945.qcow2"

network_security/variables.tf

@@ -0,0 +1,18 @@
+variable "cluster_name" {
+  type = string
+}
+variable "subnet_name" {
+  type = string
+}
+variable "password" {
+  type      = string
+}
+variable "endpoint" {
+  type = string
+}
+variable "user" {
+  type = string
+}
+variable "image_uri" {
+  type = string
+}

network_security/virtual_machines.tf

@@ -0,0 +1,67 @@
+resource "nutanix_virtual_machine" "prod" {
+  name                 = "PROD - VM"
+  cluster_uuid         = data.nutanix_cluster.cluster.id
+  num_vcpus_per_socket = "2"
+  num_sockets          = "1"
+  memory_size_mib      = 1024
+  
+  categories {
+    name   = "Environment"
+    value  = "Production"
+    }
+  
+  disk_list {
+    data_source_reference = {
+      kind = "image"
+      uuid = nutanix_image.image.id
+    }
+  }
+
+  disk_list {
+    disk_size_bytes = 10 * 1024 * 1024 * 1024
+    device_properties {
+      device_type = "DISK"
+      disk_address = {
+        "adapter_type" = "SCSI"
+        "device_index" = "1"
+      }
+    }
+  }
+  nic_list {
+    subnet_uuid = data.nutanix_subnet.subnet.id
+  }
+}
+
+resource "nutanix_virtual_machine" "dev" {
+  name                 = "DEV - VM"
+  cluster_uuid         = data.nutanix_cluster.cluster.id
+  num_vcpus_per_socket = "2"
+  num_sockets          = "1"
+  memory_size_mib      = 1024
+  
+  categories {
+    name   = "Environment"
+    value  = "Dev"
+    }
+
+  disk_list {
+    data_source_reference = {
+      kind = "image"
+      uuid = nutanix_image.image.id
+    }
+  }
+
+  disk_list {
+    disk_size_bytes = 10 * 1024 * 1024 * 1024
+    device_properties {
+      device_type = "DISK"
+      disk_address = {
+        "adapter_type" = "SCSI"
+        "device_index" = "1"
+      }
+    }
+  }
+  nic_list {
+    subnet_uuid = data.nutanix_subnet.subnet.id
+  }
+}