zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1409 from rosmo/secure-web-proxy 

Added module for Secure Web Proxy
This commit is contained in:
Taneli Leppä 2023-06-13 09:07:18 +02:00 committed by GitHub
parent 19860333a7 81285065ca
commit 0d0b37b599
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
106 changed files with 932 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
blueprints/apigee/bigquery-analytics/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/adfs/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/asset-inventory-feed-remediation/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/dns-fine-grained-iam/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/dns-shared-vpc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/iam-delegated-role-grants/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/onprem-sa-key-management/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/packer-image-builder/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/quota-monitoring/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/cloud-operations/scheduled-asset-inventory-export-bq/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/data-solutions/bq-ml/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/data-solutions/cmek-via-centralized-kms/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/data-solutions/data-playground/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/data-solutions/gcs-to-bq-with-least-privileges/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/factories/net-vpc-firewall-yaml/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/decentralized-firewall/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/filtering-proxy-psc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/filtering-proxy/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/hub-and-spoke-peering/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/hub-and-spoke-vpn/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/ilb-next-hop/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/private-cloud-function-from-onprem/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/networking/shared-vpc-gke/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
blueprints/third-party-solutions/openshift/tf/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
default-versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

29
examples/third-party-solutions/gitlab/versions.tf Normal file
View File

@ -0,0 +1,29 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.4.4"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.69.0" # tftest
}
}
}

1
modules/README.md
View File

@ -96,6 +96,7 @@ These modules are used in the examples included in this repository. If you are u
- [KMS](./kms)
- [SecretManager](./secret-manager)
- [VPC Service Control](./vpc-sc)
- [Secure Web Proxy](./net-vpc-swp)
## Serverless

4
modules/__experimental/net-neg/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/alloydb-instance/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/api-gateway/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/apigee/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/artifact-registry/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/bigquery-dataset/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/bigtable-instance/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/billing-budget/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/binauthz/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/__need_fixing/onprem/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/coredns/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/cos-generic-metadata/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/envoy-traffic-director/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/mysql/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/nginx-tls/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/nginx/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/simple-nva/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-config-container/squid/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-dataplex/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-function/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-identity-group/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloud-run/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/cloudsql-instance/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/compute-mig/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/compute-vm/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/container-registry/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/data-catalog-policy-tag/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/datafusion/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/dataproc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/dns-response-policy/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/dns/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/endpoints/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/folder/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/gcs/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/gke-cluster-autopilot/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/gke-cluster-standard/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/gke-hub/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/gke-nodepool/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/iam-service-account/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/kms/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/logging-bucket/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/ncc-spoke-ra/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-address/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-cloudnat/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-glb/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-ilb-l7/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-ilb/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-ipsec-over-interconnect/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-nlb/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vlan-attachment/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpc-firewall-policy/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpc-firewall/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpc-peering/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

194
modules/net-vpc-swp/README.md Normal file
View File

@ -0,0 +1,194 @@
# Google Cloud Secure Web Proxy
This module allows creation and management of [Secure Web Proxy](https://cloud.google.com/secure-web-proxy/docs/overview) alongside with its security
policies:
- Secure tag based rules via the `policy_rules.secure_tags` variable
- Url list rules via the `policy_rules.url_lists` variable
- Custom rules via the `policy_rules.custom`
## Examples
### Minimal Secure Web Proxy
(Note that this will not allow any request to pass.)
```hcl
module "secure-web-proxy" {
source = "./fabric/modules/net-vpc-swp"
project_id = "my-project"
region = "europe-west4"
name = "secure-web-proxy"
network = "projects/my-project/global/networks/my-network"
subnetwork = "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
addresses = ["10.142.68.3"]
certificates = ["projects/my-project/locations/europe-west4/certificates/secure-web-proxy-cert"]
labels = {
example = "value"
}
}
# tftest modules=1 resources=2 inventory=basic.yaml
```
### Secure Web Proxy with rules
```hcl
module "secure-web-proxy" {
source = "./fabric/modules/net-vpc-swp"
project_id = "my-project"
region = "europe-west4"
name = "secure-web-proxy"
network = "projects/my-project/global/networks/my-network"
subnetwork = "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
addresses = ["10.142.68.3"]
certificates = ["projects/my-project/locations/europe-west4/certificates/secure-web-proxy-cert"]
ports = [80, 443]
policy_rules = {
secure_tags = {
secure-tag-1 = {
tag = "tagValues/281484836404786"
priority = 1000
}
secure-tag-2 = {
tag = "tagValues/281484836404786"
session_matcher = "host() != 'google.com'"
priority = 1001
}
}
url_lists = {
url-list-1 = {
url_list = "my-url-list"
values = ["www.google.com", "google.com"]
priority = 1002
}
url-list-2 = {
url_list = "projects/my-project/locations/europe-west4/urlLists/my-url-list"
session_matcher = "source.matchServiceAccount('my-sa@my-project.iam.gserviceaccount.com')"
enabled = false
priority = 1003
}
}
custom = {
custom-rule-1 = {
priority = 1004
session_matcher = "host() == 'google.com'"
action = "DENY"
}
}
}
}
# tftest modules=1 resources=8 inventory=rules.yaml
```
### Secure Web Proxy with TLS inspection
```hcl
resource "google_privateca_ca_pool" "pool" {
name = "secure-web-proxy-capool"
location = "europe-west4"
project = "my-project"
tier = "DEVOPS"
}
resource "google_privateca_certificate_authority" "ca" {
pool = google_privateca_ca_pool.pool.name
certificate_authority_id = "secure-web-proxy-ca"
location = "europe-west4"
project = "my-project"
deletion_protection = "false"
config {
subject_config {
subject {
organization = "Cloud Foundation Fabric"
common_name = "fabric"
}
}
x509_config {
ca_options {
is_ca = true
}
key_usage {
base_key_usage {
cert_sign = true
crl_sign = true
}
extended_key_usage {
server_auth = true
}
}
}
}
lifetime = "1209600s"
key_spec {
algorithm = "EC_P256_SHA256"
}
}
resource "google_privateca_ca_pool_iam_member" "member" {
ca_pool = google_privateca_ca_pool.pool.id
role = "roles/privateca.certificateManager"
member = "serviceAccount:service-123456789@gcp-sa-networksecurity.iam.gserviceaccount.com"
}
module "secure-web-proxy" {
source = "./fabric/modules/net-vpc-swp"
project_id = "my-project"
region = "europe-west4"
name = "secure-web-proxy"
network = "projects/my-project/global/networks/my-network"
subnetwork = "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
addresses = ["10.142.68.3"]
certificates = ["projects/my-project/locations/europe-west4/certificates/secure-web-proxy-cert"]
ports = [443]
policy_rules = {
custom = {
custom-rule-1 = {
priority = 1000
session_matcher = "host() == 'google.com'"
application_matcher = "request.path.contains('generate_204')"
action = "ALLOW"
tls_inspection_enabled = true
}
}
}
tls_inspection_config = {
ca_pool = google_privateca_ca_pool.pool.id
}
}
# tftest modules=1 resources=7 inventory=tls.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. | <code></code> | ✓ | |
| [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | <code>list&#40;string&#41;</code> | ✓ | |
| [name](variables.tf#L44) | Name of the Secure Web Proxy resource. | <code>string</code> | ✓ | |
| [network](variables.tf#L49) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L110) | Project id of the project that holds the network. | <code>string</code> | ✓ | |
| [region](variables.tf#L115) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L126) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | <code>bool</code> | | <code>true</code> |
| [labels](variables.tf#L38) | Resource labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L54) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;object&#40;&#123;&#10; tag &#61; string&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; url_lists &#61; optional&#40;map&#40;object&#40;&#123;&#10; url_list &#61; string&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; custom &#61; optional&#40;map&#40;object&#40;&#123;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ports](variables.tf#L104) | Ports to use for Secure Web Proxy. | <code>list&#40;number&#41;</code> | | <code>&#91;443&#93;</code> |
| [scope](variables.tf#L120) | Scope determines how configuration across multiple Gateway instances are merged. | <code>string</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L131) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; ca_pool &#61; string&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [gateway](outputs.tf#L17) | The gateway resource. | |
| [gateway_security_policy](outputs.tf#L22) | The gateway security policy resource. | |
| [id](outputs.tf#L27) | ID of the gateway resource. | |
<!-- END TFDOC -->

121
modules/net-vpc-swp/main.tf Normal file
View File

@ -0,0 +1,121 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
create_url_lists = { for k, v in var.policy_rules.url_lists : v.url_list => v if v.values != null }
}
resource "google_network_security_gateway_security_policy" "policy" {
provider = google-beta
project = var.project_id
name = var.name
location = var.region
description = "Managed by Terraform."
tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
}
resource "google_network_security_tls_inspection_policy" "tls-policy" {
count = var.tls_inspection_config != null ? 1 : 0
provider = google-beta
project = var.project_id
name = var.name
location = var.region
ca_pool = var.tls_inspection_config.ca_pool
exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
}
resource "google_network_security_gateway_security_policy_rule" "secure_tag_rules" {
for_each = var.policy_rules.secure_tags
provider = google-beta
project = var.project_id
name = each.key
location = var.region
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
session_matcher = trimspace(<<-EOT
source.matchTag('${each.value.tag}')%{if each.value.session_matcher != null} && (${each.value.session_matcher})%{endif~}
EOT
)
application_matcher = each.value.application_matcher
tls_inspection_enabled = each.value.tls_inspection_enabled
basic_profile = each.value.action
}
resource "google_network_security_url_lists" "url_lists" {
for_each = local.create_url_lists
provider = google-beta
project = var.project_id
name = each.key
location = var.region
description = "Managed by Terraform."
values = each.value.values
}
resource "google_network_security_gateway_security_policy_rule" "url_list_rules" {
for_each = var.policy_rules.url_lists
provider = google-beta
project = var.project_id
name = each.key
location = var.region
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
session_matcher = trimspace(<<-EOT
inUrlList(host(), '%{~if each.value.values != null~}
${~google_network_security_url_lists.url_lists[each.value.url_list].id~}
%{~else~}
${~each.value.url_list~}
%{~endif~}') %{~if each.value.session_matcher != null} && (${each.value.session_matcher})%{~endif~}
EOT
)
application_matcher = each.value.application_matcher
tls_inspection_enabled = each.value.tls_inspection_enabled
basic_profile = each.value.action
}
resource "google_network_security_gateway_security_policy_rule" "custom_rules" {
for_each = var.policy_rules.custom
project = var.project_id
provider = google-beta
name = each.key
location = var.region
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
session_matcher = each.value.session_matcher
application_matcher = each.value.application_matcher
tls_inspection_enabled = each.value.tls_inspection_enabled
basic_profile = each.value.action
}
resource "google_network_services_gateway" "gateway" {
provider = google-beta
project = var.project_id
name = var.name
location = var.region
labels = var.labels
addresses = var.addresses != null ? var.addresses : []
type = "SECURE_WEB_GATEWAY"
ports = var.ports
scope = var.scope != null ? var.scope : ""
certificate_urls = var.certificates
gateway_security_policy = google_network_security_gateway_security_policy.policy.id
network = var.network
subnetwork = var.subnetwork
delete_swg_autogen_router_on_destroy = var.delete_swg_autogen_router_on_destroy
}

30
modules/net-vpc-swp/outputs.tf Normal file
View File

@ -0,0 +1,30 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "gateway" {
description = "The gateway resource."
value = google_network_services_gateway.gateway
}
output "gateway_security_policy" {
description = "The gateway security policy resource."
value = google_network_services_gateway.gateway.gateway_security_policy
}
output "id" {
description = "ID of the gateway resource."
value = google_network_services_gateway.gateway.id
}

138
modules/net-vpc-swp/variables.tf Normal file
View File

@ -0,0 +1,138 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "addresses" {
description = "One or more IP addresses to be used for Secure Web Proxy."
validation {
condition = length(var.addresses) > 0
error_message = "Must specify at least one IP address."
}
}
variable "certificates" {
description = "List of certificates to be used for Secure Web Proxy."
type = list(string)
}
variable "delete_swg_autogen_router_on_destroy" {
description = "Delete automatically provisioned Cloud Router on destroy."
type = bool
default = true
}
variable "labels" {
description = "Resource labels."
type = map(string)
default = {}
}
variable "name" {
description = "Name of the Secure Web Proxy resource."
type = string
}
variable "network" {
description = "Name of the network the Secure Web Proxy is deployed into."
type = string
}
variable "policy_rules" {
description = "List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created."
type = object({
secure_tags = optional(map(object({
tag = string
session_matcher = optional(string)
application_matcher = optional(string)
priority = number
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
})), {})
url_lists = optional(map(object({
url_list = string
values = optional(list(string))
session_matcher = optional(string)
application_matcher = optional(string)
priority = number
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
})), {})
custom = optional(map(object({
session_matcher = optional(string)
application_matcher = optional(string)
priority = number
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
})), {})
})
validation {
condition = (
length(concat(
[for k, v in var.policy_rules.secure_tags : v.priority],
[for k, v in var.policy_rules.url_lists : v.priority],
[for k, v in var.policy_rules.custom : v.priority])) ==
length(distinct(concat(
[for k, v in var.policy_rules.secure_tags : v.priority],
[for k, v in var.policy_rules.url_lists : v.priority],
[for k, v in var.policy_rules.custom : v.priority])))
)
error_message = "Each rule must have unique priority."
}
default = {}
nullable = false
}
variable "ports" {
description = "Ports to use for Secure Web Proxy."
type = list(number)
default = [443]
}
variable "project_id" {
description = "Project id of the project that holds the network."
type = string
}
variable "region" {
description = "Region where resources will be created."
type = string
}
variable "scope" {
description = "Scope determines how configuration across multiple Gateway instances are merged."
type = string
default = null
}
variable "subnetwork" {
description = "Name of the subnetwork the Secure Web Proxy is deployed into."
type = string
}
variable "tls_inspection_config" {
description = "TLS inspection configuration."
type = object({
ca_pool = string
exclude_public_ca_set = optional(bool, false)
})
default = null
}

29
modules/net-vpc-swp/versions.tf Normal file
View File

@ -0,0 +1,29 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.4.4"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpn-dynamic/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpn-ha/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/net-vpn-static/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/organization/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/project/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/projects-data-source/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/pubsub/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/secret-manager/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/service-directory/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/source-repository/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

4
modules/vpc-sc/versions.tf
View File

@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.64.0" # tftest
version = ">= 4.69.0" # tftest
}
}
}

Some files were not shown because too many files have changed in this diff Show More