From 1b745fea66793593cf08fe2865953ea4efa89776 Mon Sep 17 00:00:00 2001
From: Hirano Yuki
Date: Wed, 28 Aug 2024 16:43:24 +0900
Subject: [PATCH] Add additional security group rules support

When customizing Amphora, like syslog forwarding support, we need to add some rules to octavia_sec_grp. This change allows us to specify additional rules using variables.

Change-Id: Ia0388171b784615924f5a5dafb5e160e942123db
---
 defaults/main.yml | 2 ++
 ...tional-security-group-rules-support-99470d209ffa97c4.yaml | 5 +++++
 tasks/octavia_resources.yml | 1 +
 3 files changed, 8 insertions(+)
 create mode 100644 releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index 41d78687..ff4a09d8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -337,6 +337,8 @@ octavia_amp_image_resource:
 # Name of the Octavia security group
 octavia_security_group_name: octavia_sec_grp
+# Additional rules to add to the security group for the amphora
+octavia_security_group_additional_rules: []
 # Restrict access to only authorized hosts
 octavia_security_group_rule_cidr: "{{ octavia_management_net_subnet_cidr }}"
 # ssh enabled - switch to True if you need ssh access to the amphora
diff --git a/releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml b/releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml
new file mode 100644
index 00000000..25a956a8
--- /dev/null
+++ b/releasenotes/notes/add-additional-security-group-rules-support-99470d209ffa97c4.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Added a new variable ``octavia_security_group_additional_rules``
+ that allows configuration of additional security group rules for
+ Amphora.
diff --git a/tasks/octavia_resources.yml b/tasks/octavia_resources.yml
index 45936e75..f084a992 100644
--- a/tasks/octavia_resources.yml
+++ b/tasks/octavia_resources.yml
@@ -97,6 +97,7 @@
 {% if octavia_management_net_dhcp %}
 {% set _ = rules.append(_octavia_security_rule_dhcp) %}
 {% endif %}
+ {% set _ = rules.extend(octavia_security_group_additional_rules) %}
 {{ rules }}
 openstack_resources_network: |-
 {% set network_resources = _octavia_security_groups %}
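Review bot: The added `rules.extend(octavia_security_group_additional_rules)` line appends the operator-supplied value to the amphora security group with no check on its type or content. An override that renders as `null` would make `extend` fail inside the template, and a plain string would be appended character by character; `{% set _ = rules.extend(octavia_security_group_additional_rules | default([], true)) %}` covers the empty case, though a non-list value would still need a separate assertion. The built-in rules are presumably scoped by `octavia_security_group_rule_cidr` (their definitions are outside this patch), while extra entries carry whatever source range the operator writes, or none at all. The two-line comment in `defaults/main.yml` should therefore state the expected entry shape and add something like `# Scope each extra rule to octavia_security_group_rule_cidr unless wider access is intended`. The template expression that builds `rules` starts and ends outside this hunk.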