Merge pull request #149 from terraform-google-modules/jccb-firewall-logging
Bring back firewall logging
commit
143249d726
|
@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file.
|
||||||
- end to end example for scheduled Cloud Asset Inventory export to Bigquery
|
- end to end example for scheduled Cloud Asset Inventory export to Bigquery
|
||||||
- decouple Cloud Run from Istio in GKE cluster module
|
- decouple Cloud Run from Istio in GKE cluster module
|
||||||
- depend views on tables in bigquery dataset module
|
- depend views on tables in bigquery dataset module
|
||||||
|
- bring back logging options for firewall rules in `net-vpc-firewall` module
|
||||||
|
- removed interpolation-only expressions causing terraform warnings
|
||||||
|
|
||||||
## [3.4.0] - 2020-09-24
|
## [3.4.0] - 2020-09-24
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ locals {
|
||||||
"${pair.0}/${pair.1}" => { role = pair.0, name = pair.1 }
|
"${pair.0}/${pair.1}" => { role = pair.0, name = pair.1 }
|
||||||
}
|
}
|
||||||
names = (
|
names = (
|
||||||
var.use_instance_template ? { "${var.name}" = 0 } : {
|
var.use_instance_template ? { (var.name) = 0 } : {
|
||||||
for i in range(0, var.instance_count) : "${var.name}-${i + 1}" => i
|
for i in range(0, var.instance_count) : "${var.name}-${i + 1}" => i
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
|
@ -103,7 +103,15 @@ resource "google_compute_firewall" "custom_allow" {
|
||||||
target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
|
target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
|
||||||
disabled = lookup(each.value.extra_attributes, "disabled", false)
|
disabled = lookup(each.value.extra_attributes, "disabled", false)
|
||||||
priority = lookup(each.value.extra_attributes, "priority", 1000)
|
priority = lookup(each.value.extra_attributes, "priority", 1000)
|
||||||
# enable_logging = lookup(each.value.extra_attributes, "enable_logging", false)
|
|
||||||
|
dynamic "log_config" {
|
||||||
|
for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
|
||||||
|
iterator = logging_config
|
||||||
|
content {
|
||||||
|
metadata = logging_config.value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
dynamic "allow" {
|
dynamic "allow" {
|
||||||
for_each = each.value.rules
|
for_each = each.value.rules
|
||||||
iterator = rule
|
iterator = rule
|
||||||
|
@ -130,7 +138,14 @@ resource "google_compute_firewall" "custom_deny" {
|
||||||
target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
|
target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
|
||||||
disabled = lookup(each.value.extra_attributes, "disabled", false)
|
disabled = lookup(each.value.extra_attributes, "disabled", false)
|
||||||
priority = lookup(each.value.extra_attributes, "priority", 1000)
|
priority = lookup(each.value.extra_attributes, "priority", 1000)
|
||||||
# enable_logging = lookup(each.value.extra_attributes, "enable_logging", false)
|
|
||||||
|
dynamic "log_config" {
|
||||||
|
for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
|
||||||
|
iterator = logging_config
|
||||||
|
content {
|
||||||
|
metadata = logging_config.value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
dynamic "deny" {
|
dynamic "deny" {
|
||||||
for_each = each.value.rules
|
for_each = each.value.rules
|
||||||
|
|
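Review bot: The new `dynamic "log_config"` blocks in `custom_allow` and `custom_deny` read the `logging` key of `extra_attributes`, whereas the commented-out line they replace was keyed on `enable_logging`, so a caller still passing `enable_logging = true` gets a rule with no logging and no error. Logging is also off whenever the key is absent, which makes this a silent gap in flow visibility, so I would document the contract at each block, e.g. `# logging is opt-in: set extra_attributes.logging to "INCLUDE_ALL_METADATA" or "EXCLUDE_ALL_METADATA"; the old enable_logging key is ignored`. The value is passed unchanged to `metadata`, so any other string is presumably rejected only by the provider at plan or apply time. Both resource bodies start and end outside the visible hunks, so any handling elsewhere in them is not covered by this note.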