From d477082964d8f798c75bfb39d1a7d7ca11820360 Mon Sep 17 00:00:00 2001
From: rthompson-synack <103610075+rthompson-synack@users.noreply.github.com>
Date: Tue, 19 Sep 2023 10:07:40 -0600
Subject: [PATCH] fix: Adds pass-through variables for ipv6 (#495)
---
 README.md | 2 ++
 main.tf | 2 ++
 variables.tf | 12 ++++++++++++
 3 files changed, 16 insertions(+)
diff --git a/README.md b/README.md
index 545a4d08..932b3aba 100644
--- a/README.md
+++ b/README.md
@@ -103,8 +103,10 @@ Then perform the following commands on the root folder:
 | delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | `bool` | `false` | no |
 | description | An optional description of this resource. The resource must be recreated to modify this field. | `string` | `""` | no |
 | egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| enable\_ipv6\_ula | Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false') | `bool` | `false` | no |
 | firewall\_rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of firewall rules |
list(object({
name = string
description = optional(string, null)
direction = optional(string, "INGRESS")
priority = optional(number, null)
ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
 | ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| internal\_ipv6\_range | When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) | `string` | `null` | no |
 | mtu | The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | `number` | `0` | no |
 | network\_firewall\_policy\_enforcement\_order | Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. (default null or equivalent to `AFTER_CLASSIC_FIREWALL`) | `string` | `null` | no |
 | network\_name | The name of the network being created | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 785b1889..e52852f0 100644
--- a/main.tf
+++ b/main.tf
@@ -27,6 +27,8 @@ module "vpc" {
 shared_vpc_host = var.shared_vpc_host
 delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
 mtu = var.mtu
+ enable_ipv6_ula = var.enable_ipv6_ula
+ internal_ipv6_range = var.internal_ipv6_range
 network_firewall_policy_enforcement_order = var.network_firewall_policy_enforcement_order
 }

diff --git a/variables.tf b/variables.tf
index 2e42414e..0514e636 100644
--- a/variables.tf
+++ b/variables.tf
@@ -179,6 +179,18 @@ variable "egress_rules" {
 }))
 }

+variable "enable_ipv6_ula" {
+ type = bool
+ description = "Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false')"
+ default = false
+}
+
+variable "internal_ipv6_range" {
+ type = string
+ default = null
+ description = "When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null)"
+}
+
 variable "network_firewall_policy_enforcement_order" {
 type = string
 default = null
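Review bot: `internal_ipv6_range` in variables.tf accepts any string even though its description restricts it to a /48 from fd20::/20, and `enable_ipv6_ula` is described as irreversible, so a mistyped range is only rejected, if at all, by the `vpc` submodule or provider at apply time, which this patch does not show. A `validation` block would catch it at plan time, starting from `condition = var.internal_ipv6_range == null || can(cidrhost(var.internal_ipv6_range, 0))` and extended with a prefix-length check; it is also worth deciding whether a non-null range with `enable_ipv6_ula = false` should be an error. The description string has typos that propagate into the README row; I would change it to `description = "Enable IPv6 ULA. This is a permanent change and cannot be undone. (default 'false')"`. Since the flag cannot be reverted, the description could also note that firewall rules written with IPv4 ranges will presumably not match the new IPv6 traffic, so operators should review `ingress_rules`/`egress_rules` before turning it on.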