Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Change serverless-connector input type and update metadata #568

Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ docker_restore_examples:
.PHONY: docker_generate_docs
docker_generate_docs:
docker run --rm -it \
-e ENABLE_BPMETADATA \
-v $(CURDIR):/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
Expand Down
483 changes: 303 additions & 180 deletions metadata.yaml

Large diffs are not rendered by default.

368 changes: 188 additions & 180 deletions modules/fabric-net-firewall/metadata.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -19,183 +19,191 @@ metadata:
annotations:
config.kubernetes.io/local-config: "true"
spec:
title: Google Cloud VPC Firewall
source:
repo: https://github.com/terraform-google-modules/terraform-google-network
sourceType: git
version: 9.1.0
actuationTool:
type: Terraform
version: '>= 0.13.0'
examples:
- name: basic_auto_mode
location: examples/basic_auto_mode
- name: basic_custom_mode
location: examples/basic_custom_mode
- name: basic_firewall_rule
location: examples/basic_firewall_rule
- name: basic_secondary_ranges
location: examples/basic_secondary_ranges
- name: basic_shared_vpc
location: examples/basic_shared_vpc
- name: basic_vpc_peering
location: examples/basic_vpc_peering
- name: delete_default_gateway_routes
location: examples/delete_default_gateway_routes
- name: firewall_logging
location: examples/firewall_logging
- name: ilb_routing
location: examples/ilb_routing
- name: multi_vpc
location: examples/multi_vpc
- name: network_service_tiers
location: examples/network_service_tiers
- name: packet_mirroring
location: examples/packet_mirroring
- name: private_service_connect
location: examples/private_service_connect
- name: private_service_connect_google_apis
location: examples/private_service_connect_google_apis
- name: routes
location: examples/routes
- name: secondary_ranges
location: examples/secondary_ranges
- name: simple_project
location: examples/simple_project
- name: simple_project_with_regional_network
location: examples/simple_project_with_regional_network
- name: submodule_firewall
location: examples/submodule_firewall
- name: submodule_network_peering
location: examples/submodule_network_peering
- name: submodule_svpc_access
location: examples/submodule_svpc_access
- name: submodule_vpc_serverless_connector
location: examples/submodule_vpc_serverless_connector
variables:
- name: admin_ranges
description: IP CIDR ranges that have complete access to all subnets.
type: list(string)
default: []
required: false
- name: admin_ranges_enabled
description: Enable admin ranges-based rules.
type: bool
default: false
required: false
- name: custom_rules
description: List of custom rule definitions (refer to variables file for syntax).
type: |-
map(object({
description = string
direction = string
action = string # (allow|deny)
ranges = list(string)
sources = list(string)
targets = list(string)
use_service_accounts = bool
rules = list(object({
protocol = string
ports = list(string)
}))
extra_attributes = map(string)
}))
default: {}
required: false
- name: http_source_ranges
description: List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0.
type: list(string)
default:
- 0.0.0.0/0
required: false
- name: http_target_tags
description: List of target tags for tag-based HTTP rule, defaults to http-server.
type: list(string)
default:
- http-server
required: false
- name: https_source_ranges
description: List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0.
type: list(string)
default:
- 0.0.0.0/0
required: false
- name: https_target_tags
description: List of target tags for tag-based HTTPS rule, defaults to https-server.
type: list(string)
default:
- https-server
required: false
- name: internal_allow
description: Allow rules for internal ranges.
type: |-
list(object({
protocol = string
ports = optional(list(string))
}))
default:
- protocol: icmp
required: false
- name: internal_ranges
description: IP CIDR ranges for intra-VPC rules.
type: list(string)
default: []
required: false
- name: internal_ranges_enabled
description: Create rules for intra-VPC ranges.
type: bool
default: false
required: false
- name: internal_target_tags
description: List of target tags for intra-VPC rules.
type: list(string)
default: []
required: false
- name: network
description: Name of the network this set of firewall rules applies to.
type: string
required: true
- name: project_id
description: Project id of the project that holds the network.
type: string
required: true
- name: ssh_source_ranges
description: List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0.
type: list(string)
default:
- 0.0.0.0/0
required: false
- name: ssh_target_tags
description: List of target tags for tag-based SSH rule, defaults to ssh.
type: list(string)
default:
- ssh
required: false
outputs:
- name: admin_ranges
description: Admin ranges data.
- name: custom_egress_allow_rules
description: Custom egress rules with allow blocks.
- name: custom_egress_deny_rules
description: Custom egress rules with allow blocks.
- name: custom_ingress_allow_rules
description: Custom ingress rules with allow blocks.
- name: custom_ingress_deny_rules
description: Custom ingress rules with deny blocks.
- name: internal_ranges
description: Internal ranges.
roles:
- level: Project
info:
title: Google Cloud VPC Firewall
source:
repo: https://github.com/q2w/terraform-google-network.git
sourceType: git
dir: /modules/fabric-net-firewall
version: 9.1.0
actuationTool:
flavor: Terraform
version: ">= 1.3"
description: {}
content:
examples:
- name: basic_auto_mode
location: examples/basic_auto_mode
- name: basic_custom_mode
location: examples/basic_custom_mode
- name: basic_firewall_rule
location: examples/basic_firewall_rule
- name: basic_secondary_ranges
location: examples/basic_secondary_ranges
- name: basic_shared_vpc
location: examples/basic_shared_vpc
- name: basic_vpc_peering
location: examples/basic_vpc_peering
- name: bidirectional-firewall-rules
location: examples/bidirectional-firewall-rules
- name: delete_default_gateway_routes
location: examples/delete_default_gateway_routes
- name: firewall_logging
location: examples/firewall_logging
- name: global-network-firewall-policy
location: examples/global-network-firewall-policy
- name: hierarchical-firewall-policy
location: examples/hierarchical-firewall-policy
- name: ilb_routing
location: examples/ilb_routing
- name: multi_vpc
location: examples/multi_vpc
- name: network_service_tiers
location: examples/network_service_tiers
- name: packet_mirroring
location: examples/packet_mirroring
- name: private_service_connect
location: examples/private_service_connect
- name: private_service_connect_google_apis
location: examples/private_service_connect_google_apis
- name: regional-network-firewall-policy
location: examples/regional-network-firewall-policy
- name: routes
location: examples/routes
- name: secondary_ranges
location: examples/secondary_ranges
- name: simple_ipv6_project
location: examples/simple_ipv6_project
- name: simple_project
location: examples/simple_project
- name: simple_project_with_regional_network
location: examples/simple_project_with_regional_network
- name: submodule_firewall
location: examples/submodule_firewall
- name: submodule_network_peering
location: examples/submodule_network_peering
- name: submodule_svpc_access
location: examples/submodule_svpc_access
- name: submodule_vpc_serverless_connector
location: examples/submodule_vpc_serverless_connector
interfaces:
variables:
- name: admin_ranges
description: IP CIDR ranges that have complete access to all subnets.
varType: list(string)
defaultValue: []
- name: admin_ranges_enabled
description: Enable admin ranges-based rules.
varType: bool
defaultValue: false
- name: custom_rules
description: List of custom rule definitions (refer to variables file for syntax).
varType: |-
map(object({
description = string
direction = string
action = string # (allow|deny)
ranges = list(string)
sources = list(string)
targets = list(string)
use_service_accounts = bool
rules = list(object({
protocol = string
ports = list(string)
}))
extra_attributes = map(string)
}))
defaultValue: {}
- name: http_source_ranges
description: List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0.
varType: list(string)
defaultValue:
- 0.0.0.0/0
- name: http_target_tags
description: List of target tags for tag-based HTTP rule, defaults to http-server.
varType: list(string)
defaultValue:
- http-server
- name: https_source_ranges
description: List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0.
varType: list(string)
defaultValue:
- 0.0.0.0/0
- name: https_target_tags
description: List of target tags for tag-based HTTPS rule, defaults to https-server.
varType: list(string)
defaultValue:
- https-server
- name: internal_allow
description: Allow rules for internal ranges.
varType: |-
list(object({
protocol = string
ports = optional(list(string))
}))
defaultValue:
- protocol: icmp
- name: internal_ranges
description: IP CIDR ranges for intra-VPC rules.
varType: list(string)
defaultValue: []
- name: internal_ranges_enabled
description: Create rules for intra-VPC ranges.
varType: bool
defaultValue: false
- name: internal_target_tags
description: List of target tags for intra-VPC rules.
varType: list(string)
defaultValue: []
- name: network
description: Name of the network this set of firewall rules applies to.
varType: string
required: true
- name: project_id
description: Project id of the project that holds the network.
varType: string
required: true
- name: ssh_source_ranges
description: List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0.
varType: list(string)
defaultValue:
- 0.0.0.0/0
- name: ssh_target_tags
description: List of target tags for tag-based SSH rule, defaults to ssh.
varType: list(string)
defaultValue:
- ssh
outputs:
- name: admin_ranges
description: Admin ranges data.
- name: custom_egress_allow_rules
description: Custom egress rules with allow blocks.
- name: custom_egress_deny_rules
description: Custom egress rules with allow blocks.
- name: custom_ingress_allow_rules
description: Custom ingress rules with allow blocks.
- name: custom_ingress_deny_rules
description: Custom ingress rules with deny blocks.
- name: internal_ranges
description: Internal ranges.
requirements:
roles:
- roles/compute.networkAdmin
- roles/compute.securityAdmin
- roles/iam.serviceAccountUser
- roles/vpcaccess.admin
- roles/serviceusage.serviceUsageAdmin
- roles/dns.admin
services:
- cloudresourcemanager.googleapis.com
- compute.googleapis.com
- serviceusage.googleapis.com
- vpcaccess.googleapis.com
- dns.googleapis.com
- level: Project
roles:
- roles/compute.networkAdmin
- roles/compute.securityAdmin
- roles/iam.serviceAccountUser
- roles/vpcaccess.admin
- roles/serviceusage.serviceUsageAdmin
- roles/dns.admin
- roles/resourcemanager.tagAdmin
- roles/iam.serviceAccountAdmin
- roles/compute.orgFirewallPolicyAdmin
services:
- cloudresourcemanager.googleapis.com
- compute.googleapis.com
- serviceusage.googleapis.com
- vpcaccess.googleapis.com
- dns.googleapis.com
- networksecurity.googleapis.com
- iam.googleapis.com
Loading