Merge pull request #1409 from rosmo/secure-web-proxy
Added module for Secure Web Proxy
commit
0d0b37b599
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
terraform {
|
||||
required_version = ">= 1.4.4"
|
||||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -96,6 +96,7 @@ These modules are used in the examples included in this repository. If you are u
|
|||
- [KMS](./kms)
|
||||
- [SecretManager](./secret-manager)
|
||||
- [VPC Service Control](./vpc-sc)
|
||||
- [Secure Web Proxy](./net-vpc-swp)
|
||||
|
||||
## Serverless
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,194 @@
|
|||
# Google Cloud Secure Web Proxy
|
||||
|
||||
This module allows creation and management of [Secure Web Proxy](https://cloud.google.com/secure-web-proxy/docs/overview) alongside with its security
|
||||
policies:
|
||||
|
||||
- Secure tag based rules via the `policy_rules.secure_tags` variable
|
||||
- Url list rules via the `policy_rules.url_lists` variable
|
||||
- Custom rules via the `policy_rules.custom`
|
||||
|
||||
## Examples
|
||||
|
||||
### Minimal Secure Web Proxy
|
||||
|
||||
(Note that this will not allow any request to pass.)
|
||||
|
||||
```hcl
|
||||
module "secure-web-proxy" {
|
||||
source = "./fabric/modules/net-vpc-swp"
|
||||
|
||||
project_id = "my-project"
|
||||
region = "europe-west4"
|
||||
name = "secure-web-proxy"
|
||||
network = "projects/my-project/global/networks/my-network"
|
||||
subnetwork = "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
|
||||
addresses = ["10.142.68.3"]
|
||||
certificates = ["projects/my-project/locations/europe-west4/certificates/secure-web-proxy-cert"]
|
||||
labels = {
|
||||
example = "value"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2 inventory=basic.yaml
|
||||
```
|
||||
|
||||
### Secure Web Proxy with rules
|
||||
|
||||
```hcl
|
||||
module "secure-web-proxy" {
|
||||
source = "./fabric/modules/net-vpc-swp"
|
||||
|
||||
project_id = "my-project"
|
||||
region = "europe-west4"
|
||||
name = "secure-web-proxy"
|
||||
network = "projects/my-project/global/networks/my-network"
|
||||
subnetwork = "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
|
||||
addresses = ["10.142.68.3"]
|
||||
certificates = ["projects/my-project/locations/europe-west4/certificates/secure-web-proxy-cert"]
|
||||
ports = [80, 443]
|
||||
policy_rules = {
|
||||
secure_tags = {
|
||||
secure-tag-1 = {
|
||||
tag = "tagValues/281484836404786"
|
||||
priority = 1000
|
||||
}
|
||||
secure-tag-2 = {
|
||||
tag = "tagValues/281484836404786"
|
||||
session_matcher = "host() != 'google.com'"
|
||||
priority = 1001
|
||||
}
|
||||
}
|
||||
url_lists = {
|
||||
url-list-1 = {
|
||||
url_list = "my-url-list"
|
||||
values = ["www.google.com", "google.com"]
|
||||
priority = 1002
|
||||
}
|
||||
url-list-2 = {
|
||||
url_list = "projects/my-project/locations/europe-west4/urlLists/my-url-list"
|
||||
session_matcher = "source.matchServiceAccount('my-sa@my-project.iam.gserviceaccount.com')"
|
||||
enabled = false
|
||||
priority = 1003
|
||||
}
|
||||
}
|
||||
custom = {
|
||||
custom-rule-1 = {
|
||||
priority = 1004
|
||||
session_matcher = "host() == 'google.com'"
|
||||
action = "DENY"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=8 inventory=rules.yaml
|
||||
```
|
||||
|
||||
### Secure Web Proxy with TLS inspection
|
||||
|
||||
```hcl
|
||||
resource "google_privateca_ca_pool" "pool" {
|
||||
name = "secure-web-proxy-capool"
|
||||
location = "europe-west4"
|
||||
project = "my-project"
|
||||
|
||||
tier = "DEVOPS"
|
||||
}
|
||||
|
||||
resource "google_privateca_certificate_authority" "ca" {
|
||||
pool = google_privateca_ca_pool.pool.name
|
||||
certificate_authority_id = "secure-web-proxy-ca"
|
||||
location = "europe-west4"
|
||||
project = "my-project"
|
||||
|
||||
deletion_protection = "false"
|
||||
|
||||
config {
|
||||
subject_config {
|
||||
subject {
|
||||
organization = "Cloud Foundation Fabric"
|
||||
common_name = "fabric"
|
||||
}
|
||||
}
|
||||
x509_config {
|
||||
ca_options {
|
||||
is_ca = true
|
||||
}
|
||||
key_usage {
|
||||
base_key_usage {
|
||||
cert_sign = true
|
||||
crl_sign = true
|
||||
}
|
||||
extended_key_usage {
|
||||
server_auth = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
lifetime = "1209600s"
|
||||
key_spec {
|
||||
algorithm = "EC_P256_SHA256"
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_privateca_ca_pool_iam_member" "member" {
|
||||
ca_pool = google_privateca_ca_pool.pool.id
|
||||
role = "roles/privateca.certificateManager"
|
||||
member = "serviceAccount:service-123456789@gcp-sa-networksecurity.iam.gserviceaccount.com"
|
||||
}
|
||||
|
||||
module "secure-web-proxy" {
|
||||
source = "./fabric/modules/net-vpc-swp"
|
||||
|
||||
project_id = "my-project"
|
||||
region = "europe-west4"
|
||||
name = "secure-web-proxy"
|
||||
network = "projects/my-project/global/networks/my-network"
|
||||
subnetwork = "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
|
||||
addresses = ["10.142.68.3"]
|
||||
certificates = ["projects/my-project/locations/europe-west4/certificates/secure-web-proxy-cert"]
|
||||
ports = [443]
|
||||
policy_rules = {
|
||||
custom = {
|
||||
custom-rule-1 = {
|
||||
priority = 1000
|
||||
session_matcher = "host() == 'google.com'"
|
||||
application_matcher = "request.path.contains('generate_204')"
|
||||
action = "ALLOW"
|
||||
tls_inspection_enabled = true
|
||||
}
|
||||
}
|
||||
}
|
||||
tls_inspection_config = {
|
||||
ca_pool = google_privateca_ca_pool.pool.id
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=7 inventory=tls.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. | <code></code> | ✓ | |
|
||||
| [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | <code>list(string)</code> | ✓ | |
|
||||
| [name](variables.tf#L44) | Name of the Secure Web Proxy resource. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L49) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L110) | Project id of the project that holds the network. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L115) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [subnetwork](variables.tf#L126) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
|
||||
| [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | <code>bool</code> | | <code>true</code> |
|
||||
| [labels](variables.tf#L38) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [policy_rules](variables.tf#L54) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | <code title="object({ secure_tags = optional(map(object({ tag = string session_matcher = optional(string) application_matcher = optional(string) priority = number action = optional(string, "ALLOW") enabled = optional(bool, true) tls_inspection_enabled = optional(bool, false) })), {}) url_lists = optional(map(object({ url_list = string values = optional(list(string)) session_matcher = optional(string) application_matcher = optional(string) priority = number action = optional(string, "ALLOW") enabled = optional(bool, true) tls_inspection_enabled = optional(bool, false) })), {}) custom = optional(map(object({ session_matcher = optional(string) application_matcher = optional(string) priority = number action = optional(string, "ALLOW") enabled = optional(bool, true) tls_inspection_enabled = optional(bool, false) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [ports](variables.tf#L104) | Ports to use for Secure Web Proxy. | <code>list(number)</code> | | <code>[443]</code> |
|
||||
| [scope](variables.tf#L120) | Scope determines how configuration across multiple Gateway instances are merged. | <code>string</code> | | <code>null</code> |
|
||||
| [tls_inspection_config](variables.tf#L131) | TLS inspection configuration. | <code title="object({ ca_pool = string exclude_public_ca_set = optional(bool, false) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [gateway](outputs.tf#L17) | The gateway resource. | |
|
||||
| [gateway_security_policy](outputs.tf#L22) | The gateway security policy resource. | |
|
||||
| [id](outputs.tf#L27) | ID of the gateway resource. | |
|
||||
|
||||
<!-- END TFDOC -->
|
|
@ -0,0 +1,121 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
locals {
|
||||
create_url_lists = { for k, v in var.policy_rules.url_lists : v.url_list => v if v.values != null }
|
||||
}
|
||||
|
||||
resource "google_network_security_gateway_security_policy" "policy" {
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
location = var.region
|
||||
description = "Managed by Terraform."
|
||||
tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
|
||||
}
|
||||
|
||||
resource "google_network_security_tls_inspection_policy" "tls-policy" {
|
||||
count = var.tls_inspection_config != null ? 1 : 0
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
location = var.region
|
||||
ca_pool = var.tls_inspection_config.ca_pool
|
||||
exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
|
||||
}
|
||||
|
||||
resource "google_network_security_gateway_security_policy_rule" "secure_tag_rules" {
|
||||
for_each = var.policy_rules.secure_tags
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
location = var.region
|
||||
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
|
||||
enabled = each.value.enabled
|
||||
priority = each.value.priority
|
||||
session_matcher = trimspace(<<-EOT
|
||||
source.matchTag('${each.value.tag}')%{if each.value.session_matcher != null} && (${each.value.session_matcher})%{endif~}
|
||||
EOT
|
||||
)
|
||||
application_matcher = each.value.application_matcher
|
||||
tls_inspection_enabled = each.value.tls_inspection_enabled
|
||||
basic_profile = each.value.action
|
||||
}
|
||||
|
||||
resource "google_network_security_url_lists" "url_lists" {
|
||||
for_each = local.create_url_lists
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
location = var.region
|
||||
description = "Managed by Terraform."
|
||||
values = each.value.values
|
||||
}
|
||||
|
||||
resource "google_network_security_gateway_security_policy_rule" "url_list_rules" {
|
||||
for_each = var.policy_rules.url_lists
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = each.key
|
||||
location = var.region
|
||||
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
|
||||
enabled = each.value.enabled
|
||||
priority = each.value.priority
|
||||
session_matcher = trimspace(<<-EOT
|
||||
inUrlList(host(), '%{~if each.value.values != null~}
|
||||
${~google_network_security_url_lists.url_lists[each.value.url_list].id~}
|
||||
%{~else~}
|
||||
${~each.value.url_list~}
|
||||
%{~endif~}') %{~if each.value.session_matcher != null} && (${each.value.session_matcher})%{~endif~}
|
||||
EOT
|
||||
)
|
||||
application_matcher = each.value.application_matcher
|
||||
tls_inspection_enabled = each.value.tls_inspection_enabled
|
||||
basic_profile = each.value.action
|
||||
}
|
||||
|
||||
resource "google_network_security_gateway_security_policy_rule" "custom_rules" {
|
||||
for_each = var.policy_rules.custom
|
||||
project = var.project_id
|
||||
provider = google-beta
|
||||
name = each.key
|
||||
location = var.region
|
||||
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
|
||||
enabled = each.value.enabled
|
||||
priority = each.value.priority
|
||||
session_matcher = each.value.session_matcher
|
||||
application_matcher = each.value.application_matcher
|
||||
tls_inspection_enabled = each.value.tls_inspection_enabled
|
||||
basic_profile = each.value.action
|
||||
}
|
||||
|
||||
resource "google_network_services_gateway" "gateway" {
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
name = var.name
|
||||
location = var.region
|
||||
labels = var.labels
|
||||
addresses = var.addresses != null ? var.addresses : []
|
||||
type = "SECURE_WEB_GATEWAY"
|
||||
ports = var.ports
|
||||
scope = var.scope != null ? var.scope : ""
|
||||
certificate_urls = var.certificates
|
||||
gateway_security_policy = google_network_security_gateway_security_policy.policy.id
|
||||
network = var.network
|
||||
subnetwork = var.subnetwork
|
||||
delete_swg_autogen_router_on_destroy = var.delete_swg_autogen_router_on_destroy
|
||||
}
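Review bot: Nothing ties a rule's `tls_inspection_enabled` to `var.tls_inspection_config`. The three `google_network_security_gateway_security_policy_rule` resources pass the flag straight through, while the `policy` resource sets `tls_inspection_policy` to null whenever the config is null. A caller can therefore request inspection on a rule whose policy has no TLS inspection policy attached. Whether the API rejects this at apply time or the rule silently does not inspect is not visible from this file, so the mismatch is better reported at plan time. A `precondition` on the `policy` resource would do that, and the `required_version` in versions.tf already supports it.

```hcl
resource "google_network_security_gateway_security_policy" "policy" {
  # … unchanged: provider, project, name, location, description, tls_inspection_policy …
  lifecycle {
    precondition {
      condition = var.tls_inspection_config != null || !anytrue(concat(
        [for r in var.policy_rules.secure_tags : r.tls_inspection_enabled],
        [for r in var.policy_rules.url_lists : r.tls_inspection_enabled],
        [for r in var.policy_rules.custom : r.tls_inspection_enabled]
      ))
      error_message = "Rules with tls_inspection_enabled = true require tls_inspection_config to be set."
    }
  }
}
```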
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
output "gateway" {
|
||||
description = "The gateway resource."
|
||||
value = google_network_services_gateway.gateway
|
||||
}
|
||||
|
||||
output "gateway_security_policy" {
|
||||
description = "The gateway security policy resource."
|
||||
value = google_network_services_gateway.gateway.gateway_security_policy
|
||||
}
|
||||
|
||||
output "id" {
|
||||
description = "ID of the gateway resource."
|
||||
value = google_network_services_gateway.gateway.id
|
||||
}
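Review bot: The `gateway_security_policy` output does not return what its description says. Its value, `google_network_services_gateway.gateway.gateway_security_policy`, is the policy reference stored on the gateway rather than the policy resource, so callers cannot read the policy's other attributes from it. To match the description and the `gateway` output above it, use `value = google_network_security_gateway_security_policy.policy`. If only the reference is intended, change the description to say so instead.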
|
|
@ -0,0 +1,138 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
|
||||
variable "addresses" {
|
||||
description = "One or more IP addresses to be used for Secure Web Proxy."
|
||||
validation {
|
||||
condition = length(var.addresses) > 0
|
||||
error_message = "Must specify at least one IP address."
|
||||
}
|
||||
}
|
||||
|
||||
variable "certificates" {
|
||||
description = "List of certificates to be used for Secure Web Proxy."
|
||||
type = list(string)
|
||||
}
|
||||
|
||||
variable "delete_swg_autogen_router_on_destroy" {
|
||||
description = "Delete automatically provisioned Cloud Router on destroy."
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
description = "Resource labels."
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Name of the Secure Web Proxy resource."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
description = "Name of the network the Secure Web Proxy is deployed into."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "policy_rules" {
|
||||
description = "List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created."
|
||||
type = object({
|
||||
secure_tags = optional(map(object({
|
||||
tag = string
|
||||
session_matcher = optional(string)
|
||||
application_matcher = optional(string)
|
||||
priority = number
|
||||
action = optional(string, "ALLOW")
|
||||
enabled = optional(bool, true)
|
||||
tls_inspection_enabled = optional(bool, false)
|
||||
})), {})
|
||||
|
||||
url_lists = optional(map(object({
|
||||
url_list = string
|
||||
values = optional(list(string))
|
||||
session_matcher = optional(string)
|
||||
application_matcher = optional(string)
|
||||
priority = number
|
||||
action = optional(string, "ALLOW")
|
||||
enabled = optional(bool, true)
|
||||
tls_inspection_enabled = optional(bool, false)
|
||||
})), {})
|
||||
|
||||
custom = optional(map(object({
|
||||
session_matcher = optional(string)
|
||||
application_matcher = optional(string)
|
||||
priority = number
|
||||
action = optional(string, "ALLOW")
|
||||
enabled = optional(bool, true)
|
||||
tls_inspection_enabled = optional(bool, false)
|
||||
})), {})
|
||||
})
|
||||
validation {
|
||||
condition = (
|
||||
length(concat(
|
||||
[for k, v in var.policy_rules.secure_tags : v.priority],
|
||||
[for k, v in var.policy_rules.url_lists : v.priority],
|
||||
[for k, v in var.policy_rules.custom : v.priority])) ==
|
||||
length(distinct(concat(
|
||||
[for k, v in var.policy_rules.secure_tags : v.priority],
|
||||
[for k, v in var.policy_rules.url_lists : v.priority],
|
||||
[for k, v in var.policy_rules.custom : v.priority])))
|
||||
)
|
||||
error_message = "Each rule must have unique priority."
|
||||
}
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "ports" {
|
||||
description = "Ports to use for Secure Web Proxy."
|
||||
type = list(number)
|
||||
default = [443]
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project id of the project that holds the network."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "Region where resources will be created."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "scope" {
|
||||
description = "Scope determines how configuration across multiple Gateway instances are merged."
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "subnetwork" {
|
||||
description = "Name of the subnetwork the Secure Web Proxy is deployed into."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "tls_inspection_config" {
|
||||
description = "TLS inspection configuration."
|
||||
type = object({
|
||||
ca_pool = string
|
||||
exclude_public_ca_set = optional(bool, false)
|
||||
})
|
||||
default = null
|
||||
}
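Review bot: `variable "addresses"` declares no `type`, so any value is accepted and the `length(var.addresses) > 0` validation also passes for a non-empty string or map. A null value makes `length()` fail with an evaluation error instead of the intended message, even though main.tf guards for null with `var.addresses != null ? var.addresses : []`. Adding `type = list(string)` and `nullable = false` makes the validation mean what its message says. The missing type is also why the README variables table shows an empty type for this input.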
|
|
@ -0,0 +1,29 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
terraform {
|
||||
required_version = ">= 1.4.4"
|
||||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,11 +17,11 @@ terraform {
|
|||
required_providers {
|
||||
google = {
|
||||
source = "hashicorp/google"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
google-beta = {
|
||||
source = "hashicorp/google-beta"
|
||||
version = ">= 4.64.0" # tftest
|
||||
version = ">= 4.69.0" # tftest
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|