Merge pull request #149 from terraform-google-modules/jccb-firewall-logging
Bring back firewall logging
This commit is contained in:
commit
143249d726
|
@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file.
|
|||
- end to end example for scheduled Cloud Asset Inventory export to Bigquery
|
||||
- decouple Cloud Run from Istio in GKE cluster module
|
||||
- depend views on tables in bigquery dataset module
|
||||
- bring back logging options for firewall rules in `net-vpc-firewall` module
|
||||
- removed interpolation-only expressions causing terraform warnings
|
||||
|
||||
## [3.4.0] - 2020-09-24
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ locals {
|
|||
"${pair.0}/${pair.1}" => { role = pair.0, name = pair.1 }
|
||||
}
|
||||
names = (
|
||||
var.use_instance_template ? { "${var.name}" = 0 } : {
|
||||
var.use_instance_template ? { (var.name) = 0 } : {
|
||||
for i in range(0, var.instance_count) : "${var.name}-${i + 1}" => i
|
||||
}
|
||||
)
|
||||
|
|
|
@ -103,7 +103,15 @@ resource "google_compute_firewall" "custom_allow" {
|
|||
target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
|
||||
disabled = lookup(each.value.extra_attributes, "disabled", false)
|
||||
priority = lookup(each.value.extra_attributes, "priority", 1000)
|
||||
# enable_logging = lookup(each.value.extra_attributes, "enable_logging", false)
|
||||
|
||||
dynamic "log_config" {
|
||||
for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
|
||||
iterator = logging_config
|
||||
content {
|
||||
metadata = logging_config.value
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "allow" {
|
||||
for_each = each.value.rules
|
||||
iterator = rule
|
||||
|
@ -130,7 +138,14 @@ resource "google_compute_firewall" "custom_deny" {
|
|||
target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
|
||||
disabled = lookup(each.value.extra_attributes, "disabled", false)
|
||||
priority = lookup(each.value.extra_attributes, "priority", 1000)
|
||||
# enable_logging = lookup(each.value.extra_attributes, "enable_logging", false)
|
||||
|
||||
dynamic "log_config" {
|
||||
for_each = lookup(each.value.extra_attributes, "logging", null) != null ? [each.value.extra_attributes.logging] : []
|
||||
iterator = logging_config
|
||||
content {
|
||||
metadata = logging_config.value
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "deny" {
|
||||
for_each = each.value.rules
|
||||
|
|
Loading…
Reference in New Issue