From 379568f0b4fe0f1af1065606b35deb1a01644c65 Mon Sep 17 00:00:00 2001
From: Michael Malet
Date: Wed, 2 Oct 2024 12:19:04 +0100
Subject: [PATCH] feat(bastion-group): add variable for additional_ports

This is just a passthrough to support the option which already exists on the root module.

Signed-off-by: Michael Malet
---
 .terraform.lock | 0
 modules/bastion-group/README.md | 1 +
 modules/bastion-group/main.tf | 1 +
 modules/bastion-group/variables.tf | 6 ++++++
 4 files changed, 8 insertions(+)
 create mode 100644 .terraform.lock
diff --git a/.terraform.lock b/.terraform.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/modules/bastion-group/README.md b/modules/bastion-group/README.md
index a12afa09..e1812a20 100644
--- a/modules/bastion-group/README.md
+++ b/modules/bastion-group/README.md
@@ -74,6 +74,7 @@ provision a project with the necessary APIs enabled.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | additional\_networks | Additional network interface details for the instance template, if any. |
list(object({
network = string
subnetwork = string
subnetwork_project = string
network_ip = string
nic_type = string
stack_type = string
queue_count = number
access_config = list(object({
nat_ip = string
network_tier = string
}))
ipv6_access_config = list(object({
network_tier = string
}))
alias_ip_range = list(object({
ip_cidr_range = string
subnetwork_range_name = string
}))
}))
| `[]` | no |
+| additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
 | fw\_name\_allow\_ssh\_from\_health\_check\_cidrs | Firewall rule name for allowing Health Checks | `string` | `"allow-ssh-from-health-check-cidrs"` | no |
 | fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP | `string` | `"allow-ssh-from-iap-to-bastion-group"` | no |
 | health\_check | Health check config for the mig. |
object({
type = string
initial_delay_sec = number
check_interval_sec = number
healthy_threshold = number
timeout_sec = number
unhealthy_threshold = number
response = string
proxy_header = string
port = number
request = string
enable_logging = bool

# Unused fields.
request_path = string
host = string
})
|
{
"check_interval_sec": 30,
"enable_logging": false,
"healthy_threshold": 1,
"host": "",
"initial_delay_sec": 30,
"port": 22,
"proxy_header": "NONE",
"request": "",
"request_path": "",
"response": "",
"timeout_sec": 10,
"type": "tcp",
"unhealthy_threshold": 5
}
| no |
diff --git a/modules/bastion-group/main.tf b/modules/bastion-group/main.tf
index bc728430..867c737a 100644
--- a/modules/bastion-group/main.tf
+++ b/modules/bastion-group/main.tf
@@ -35,6 +35,7 @@ module "iap_bastion" {
 startup_script = var.startup_script
 subnet = var.subnet
 additional_networks = var.additional_networks
+ additional_ports = var.additional_ports
 zone = var.zone
 random_role_id = var.random_role_id
 fw_name_allow_ssh_from_iap = var.fw_name_allow_ssh_from_iap
diff --git a/modules/bastion-group/variables.tf b/modules/bastion-group/variables.tf
index 558e022c..5e7f7cdd 100644
--- a/modules/bastion-group/variables.tf
+++ b/modules/bastion-group/variables.tf
@@ -197,6 +197,12 @@ variable "fw_name_allow_ssh_from_iap" {
 default = "allow-ssh-from-iap-to-bastion-group"
 }
 
+variable "additional_ports" {
+ description = "A list of additional ports/ranges to open access to on the instances from IAP."
+ type = list(string)
+ default = []
+}
+
 variable "additional_networks" {
 description = "Additional network interface details for the instance template, if any."
 default = []
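Review bot: The new `additional_ports` variable in `modules/bastion-group/variables.tf` accepts any `list(string)` without validation, and by its own description each entry opens further access from IAP to the instances, so a typo or an overly wide range such as `0-65535` is forwarded unchanged by the new line in `main.tf` to the root module. How the root module consumes the list is not visible in this patch; I am assuming it ends up in a firewall allow rule. I would add a `validation` block that accepts only a single port or a `low-high` range, as sketched below (confirm the module's `required_version` supports `validation` and `alltrue`), and extend the description to state that the ports are opened in addition to SSH on the group's instances. Separately, the commit creates an empty `.terraform.lock` at the repository root, which looks accidental: Terraform's dependency lock file is named `.terraform.lock.hcl`, so this file pins no provider versions.

```hcl
variable "additional_ports" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for p in var.additional_ports : can(regex("^[0-9]{1,5}(-[0-9]{1,5})?$", p))
    ])
    error_message = "Each entry must be a port number or a range, for example \"8080\" or \"8000-8100\"."
  }
}
```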