Skip to content

Commit

Permalink
feat: Add in disabled field to firewall-rules
Browse files Browse the repository at this point in the history
  • Loading branch information
NA2047 authored and Andrew Garcia-corley committed Dec 3, 2023
1 parent 2ecd3eb commit 2e9ea9e
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 3 deletions.
6 changes: 3 additions & 3 deletions modules/firewall-rules/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,11 @@ module "firewall_rules" {

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| network\_name | Name of the network this set of firewall rules applies to. | `string` | n/a | yes |
| project\_id | Project id of the project that holds the network. | `string` | n/a | yes |
| rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of custom rule definitions | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> direction = optional(string, "INGRESS")<br> priority = optional(number, null)<br> ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of custom rule definitions | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> direction = optional(string, "INGRESS")<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |

## Outputs

Expand Down
2 changes: 2 additions & 0 deletions modules/firewall-rules/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ resource "google_compute_firewall" "rules" {
name = each.value.name
description = each.value.description
direction = each.value.direction
disabled = each.value.disabled
network = var.network_name
project = var.project_id
source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
Expand Down Expand Up @@ -64,6 +65,7 @@ resource "google_compute_firewall" "rules_ingress_egress" {
name = each.value.name
description = each.value.description
direction = each.value.direction
disabled = each.value.disabled
network = var.network_name
project = var.project_id
source_ranges = lookup(each.value, "source_ranges", null)
Expand Down
3 changes: 3 additions & 0 deletions modules/firewall-rules/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ variable "rules" {
name = string
description = optional(string, null)
direction = optional(string, "INGRESS")
disabled = optional(bool, null)
priority = optional(number, null)
ranges = optional(list(string), [])
source_tags = optional(list(string))
Expand Down Expand Up @@ -58,6 +59,7 @@ variable "ingress_rules" {
type = list(object({
name = string
description = optional(string, null)
disabled = optional(bool, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
Expand Down Expand Up @@ -86,6 +88,7 @@ variable "egress_rules" {
type = list(object({
name = string
description = optional(string, null)
disabled = optional(bool, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
Expand Down

0 comments on commit 2e9ea9e

Please sign in to comment.