Merge remote-tracking branch 'origin/master' into billabongrob/add-nat
This commit is contained in:
commit
25aa29e463
|
@ -235,14 +235,14 @@ icmp:
|
|||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L113) | Policy name. | <code>string</code> | ✓ | |
|
||||
| [parent_id](variables.tf#L119) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L100) | Policy name. | <code>string</code> | ✓ | |
|
||||
| [parent_id](variables.tf#L106) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | <code>string</code> | ✓ | |
|
||||
| [attachments](variables.tf#L17) | Ids of the resources to which this policy will be attached, in descriptive name => self link format. Specify folders or organization for hierarchical policy, VPCs for network policy. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L24) | Policy description. | <code>string</code> | | <code>null</code> |
|
||||
| [egress_rules](variables.tf#L30) | List of egress rule definitions, action can be 'allow', 'deny', 'goto_next'. The match.layer4configs map is in protocol => optional [ports] format. | <code title="map(object({ priority = number action = optional(string, "deny") description = optional(string) disabled = optional(bool, false) enable_logging = optional(bool) target_service_accounts = optional(list(string)) target_tags = optional(list(string)) match = object({ address_groups = optional(list(string)) fqdns = optional(list(string)) region_codes = optional(list(string)) threat_intelligences = optional(list(string)) destination_ranges = optional(list(string)) source_ranges = optional(list(string)) source_tags = optional(list(string)) layer4_configs = optional(list(object({ protocol = optional(string, "all") ports = optional(list(string)) })), [{}]) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [ingress_rules](variables.tf#L71) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | <code title="map(object({ priority = number action = optional(string, "allow") description = optional(string) disabled = optional(bool, false) enable_logging = optional(bool) target_service_accounts = optional(list(string)) target_tags = optional(list(string)) match = object({ address_groups = optional(list(string)) fqdns = optional(list(string)) region_codes = optional(list(string)) threat_intelligences = optional(list(string)) destination_ranges = optional(list(string)) source_ranges = optional(list(string)) source_tags = optional(list(string)) layer4_configs = optional(list(object({ protocol = optional(string, "all") ports = optional(list(string)) })), [{}]) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [region](variables.tf#L125) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | <code>string</code> | | <code>null</code> |
|
||||
| [rules_factory_config](variables.tf#L131) | Configuration for the optional rules factory. | <code title="object({ cidr_file_path = optional(string) egress_rules_file_path = optional(string) ingress_rules_file_path = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
| [ingress_rules](variables.tf#L65) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | <code title="map(object({ priority = number action = optional(string, "allow") description = optional(string) disabled = optional(bool, false) enable_logging = optional(bool) target_service_accounts = optional(list(string)) target_tags = optional(list(string)) match = object({ address_groups = optional(list(string)) fqdns = optional(list(string)) region_codes = optional(list(string)) threat_intelligences = optional(list(string)) destination_ranges = optional(list(string)) source_ranges = optional(list(string)) source_tags = optional(list(string)) layer4_configs = optional(list(object({ protocol = optional(string, "all") ports = optional(list(string)) })), [{}]) }) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [region](variables.tf#L112) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | <code>string</code> | | <code>null</code> |
|
||||
| [rules_factory_config](variables.tf#L118) | Configuration for the optional rules factory. | <code title="object({ cidr_file_path = optional(string) egress_rules_file_path = optional(string) ingress_rules_file_path = optional(string) })">object({…})</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -53,12 +53,6 @@ variable "egress_rules" {
|
|||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
validation {
|
||||
condition = alltrue([
|
||||
for k, v in var.egress_rules : v.match.destination_ranges != null
|
||||
])
|
||||
error_message = "Engress rules need destination ranges."
|
||||
}
|
||||
validation {
|
||||
condition = alltrue([
|
||||
for k, v in var.egress_rules :
|
||||
|
@ -94,13 +88,6 @@ variable "ingress_rules" {
|
|||
}))
|
||||
default = {}
|
||||
nullable = false
|
||||
validation {
|
||||
condition = alltrue([
|
||||
for k, v in var.ingress_rules :
|
||||
v.match.source_ranges != null || v.match.source_tags != null
|
||||
])
|
||||
error_message = "Ingress rules need source ranges or tags."
|
||||
}
|
||||
validation {
|
||||
condition = alltrue([
|
||||
for k, v in var.ingress_rules :
|
||||
|
|
Loading…
Reference in New Issue