From 2e9ea9edff08a7789f0eb9b5ab5f17cac3debb49 Mon Sep 17 00:00:00 2001
From: Andrew Garcia-Corley
Date: Sat, 2 Dec 2023 17:41:57 -0500
Subject: [PATCH] feat: Add in disabled field to firewall-rules
---
 modules/firewall-rules/README.md | 6 +++---
 modules/firewall-rules/main.tf | 2 ++
 modules/firewall-rules/variables.tf | 3 +++
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/modules/firewall-rules/README.md b/modules/firewall-rules/README.md
index 9a281a551..e08aafbd2 100644
--- a/modules/firewall-rules/README.md
+++ b/modules/firewall-rules/README.md
@@ -40,11 +40,11 @@ module "firewall_rules" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
-| ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
disabled = optional(bool, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
disabled = optional(bool, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
 | network\_name | Name of the network this set of firewall rules applies to. | `string` | n/a | yes |
 | project\_id | Project id of the project that holds the network. | `string` | n/a | yes |
-| rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of custom rule definitions |
list(object({
name = string
description = optional(string, null)
direction = optional(string, "INGRESS")
priority = optional(number, null)
ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of custom rule definitions |
list(object({
name = string
description = optional(string, null)
direction = optional(string, "INGRESS")
disabled = optional(bool, null)
priority = optional(number, null)
ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
 ## Outputs
diff --git a/modules/firewall-rules/main.tf b/modules/firewall-rules/main.tf
index 83159be42..f37b01527 100644
--- a/modules/firewall-rules/main.tf
+++ b/modules/firewall-rules/main.tf
@@ -25,6 +25,7 @@ resource "google_compute_firewall" "rules" {
 name = each.value.name
 description = each.value.description
 direction = each.value.direction
+ disabled = each.value.disabled
 network = var.network_name
 project = var.project_id
 source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
@@ -64,6 +65,7 @@ resource "google_compute_firewall" "rules_ingress_egress" {
 name = each.value.name
 description = each.value.description
 direction = each.value.direction
+ disabled = each.value.disabled
 network = var.network_name
 project = var.project_id
 source_ranges = lookup(each.value, "source_ranges", null)
diff --git a/modules/firewall-rules/variables.tf b/modules/firewall-rules/variables.tf
index 1b42d4d3e..3072801ed 100644
--- a/modules/firewall-rules/variables.tf
+++ b/modules/firewall-rules/variables.tf
@@ -31,6 +31,7 @@ variable "rules" {
 name = string
 description = optional(string, null)
 direction = optional(string, "INGRESS")
+ disabled = optional(bool, null)
 priority = optional(number, null)
 ranges = optional(list(string), [])
 source_tags = optional(list(string))
@@ -58,6 +59,7 @@ variable "ingress_rules" {
 type = list(object({
 name = string
 description = optional(string, null)
+ disabled = optional(bool, null)
 priority = optional(number, null)
 destination_ranges = optional(list(string), [])
 source_ranges = optional(list(string), [])
@@ -86,6 +88,7 @@ variable "egress_rules" {
 type = list(object({
 name = string
 description = optional(string, null)
+ disabled = optional(bool, null)
 priority = optional(number, null)
 destination_ranges = optional(list(string), [])
 source_ranges = optional(list(string), [])
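Review bot: In the `rules_ingress_egress` hunk the new `disabled = each.value.disabled` reads the attribute directly, while the neighbouring `source_ranges = lookup(each.value, "source_ranges", null)` goes through `lookup`; if the local that feeds this `for_each` (outside the hunk) builds its values from an explicit key set rather than passing the `ingress_rules`/`egress_rules` objects through unchanged, a missing `disabled` key fails at plan time with an unsupported-attribute error instead of falling back to null. Either match the surrounding style with `disabled = lookup(each.value, "disabled", null)` or confirm that the local preserves every attribute of the variable's object type. The resource body continues past the end of the hunk.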
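Review bot: `disabled = optional(bool, null)` is added to the object types of `rules`, `ingress_rules` and `egress_rules` (this hunk and the two that follow in variables.tf) without any statement of what the flag does, and an object attribute cannot carry its own description, so the effect belongs in each variable's `description`, which sits above the hunk. From the google_compute_firewall provider docs, a rule with `disabled = true` stays in state and in the plan but is not enforced on the network, so for a `deny` entry it behaves as if the rule were removed, and with the `null` default the provider's own default (enforced) applies. Suggested sentence to append to each of the three descriptions: `Set 'disabled = true' to keep a rule defined but not enforced; a disabled deny rule no longer blocks traffic.`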