Remove redundant variable `admin_ranges_enabled`

Julio Castillo 2021-10-04 14:12:00 +02:00
parent 2a6f662e71
commit 2863d929a5
13 changed files with 73 additions and 95 deletions


@ -63,7 +63,6 @@ module "vpc-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = module.project-service.project_id
network = module.vpc.name
admin_ranges_enabled = true
admin_ranges = [var.vpc_ip_cidr_range]
}


@ -170,8 +170,7 @@ module "firewall" {
source = "../../../modules/net-vpc-firewall"
project_id = var.project_ids.transformation
network = module.vpc-transformation.name
admin_ranges_enabled = false
admin_ranges = [""]
admin_ranges = []
http_source_ranges = []
https_source_ranges = []
ssh_source_ranges = []


@ -181,7 +181,6 @@ module "vpc-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = module.project-service.project_id
network = module.vpc.name
admin_ranges_enabled = true
admin_ranges = [var.vpc_ip_cidr_range]
}


@ -19,7 +19,6 @@ module "firewall" {
source = "./modules/net-vpc-firewall"
project_id = "my-project"
network = "my-network"
admin_ranges_enabled = true
admin_ranges = ["10.0.0.0/8"]
}
# tftest:modules=1:resources=4
@ -34,7 +33,6 @@ module "firewall" {
source = "./modules/net-vpc-firewall"
project_id = "my-project"
network = "my-network"
admin_ranges_enabled = true
admin_ranges = ["10.0.0.0/8"]
custom_rules = {
ntp-svc = {
@ -55,14 +53,14 @@ module "firewall" {
### No predefined rules
If you don't want any predefined rules, set `admin_ranges_enabled` to `false` and `http_source_ranges`, `https_source_ranges`, `ssh_source_ranges` to an empty list.
If you don't want any predefined rules set `admin_ranges`, `http_source_ranges`, `https_source_ranges` and `ssh_source_ranges` to an empty list.
```hcl
module "firewall" {
source = "./modules/net-vpc-firewall"
project_id = "my-project"
network = "my-network"
admin_ranges_enabled = false
admin_ranges = []
http_source_ranges = []
https_source_ranges = []
ssh_source_ranges = []
@ -91,7 +89,6 @@ module "firewall" {
| network | Name of the network this set of firewall rules applies to. | <code title="">string</code> | ✓ | |
| project_id | Project id of the project that holds the network. | <code title="">string</code> | ✓ | |
| *admin_ranges* | IP CIDR ranges that have complete access to all subnets. | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">[]</code> |
| *admin_ranges_enabled* | Enable admin ranges-based rules. | <code title="">bool</code> | | <code title="">false</code> |
| *custom_rules* | List of custom rule definitions (refer to variables file for syntax). | <code title="map&#40;object&#40;&#123;&#10;description &#61; string&#10;direction &#61; string&#10;action &#61; string &#35; &#40;allow&#124;deny&#41;&#10;ranges &#61; list&#40;string&#41;&#10;sources &#61; list&#40;string&#41;&#10;targets &#61; list&#40;string&#41;&#10;use_service_accounts &#61; bool&#10;rules &#61; list&#40;object&#40;&#123;&#10;protocol &#61; string&#10;ports &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;&#10;extra_attributes &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="">{}</code> |
| *http_source_ranges* | List of IP CIDR ranges for tag-based HTTP rule, defaults to the health checkers ranges. | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">["35.191.0.0/16", "130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22"]</code> |
| *https_source_ranges* | List of IP CIDR ranges for tag-based HTTPS rule, defaults to the health checkers ranges. | <code title="list&#40;string&#41;">list(string)</code> | | <code title="">["35.191.0.0/16", "130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22"]</code> |


@ -34,7 +34,7 @@ locals {
###############################################################################
resource "google_compute_firewall" "allow-admins" {
count = var.admin_ranges_enabled == true ? 1 : 0
count = length(var.admin_ranges) > 0 ? 1 : 0
name = "${var.network}-ingress-admins"
description = "Access from the admin subnet to all subnets"
network = var.network
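Review bot: The new `count = length(var.admin_ranges) > 0 ? 1 : 0` makes the allow-admins rule implicit rather than opt-in, so a caller that passed `admin_ranges` but left the removed `admin_ranges_enabled` at its default of `false` gets this ingress rule created on the next apply without changing any input. That deserves an explicit breaking-change note in the commit message or changelog, given the rule's description is "Access from the admin subnet to all subnets". The condition also counts entries such as `""` (the value one caller passed before this commit), so a `validation` block on `variable "admin_ranges"` with `condition = alltrue([for r in var.admin_ranges : can(cidrhost(r, 0))])` would reject malformed entries at plan time instead of at apply, provided the module's minimum Terraform version supports it. The resource body continues past the end of the hunk, so the rule's allowed protocols and source ranges are not visible here.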


@ -18,8 +18,8 @@ output "admin_ranges" {
description = "Admin ranges data."
value = {
enabled = var.admin_ranges_enabled
ranges = var.admin_ranges_enabled ? join(",", var.admin_ranges) : ""
enabled = length(var.admin_ranges) > 0
ranges = join(",", var.admin_ranges)
}
}


@ -20,12 +20,6 @@ variable "admin_ranges" {
default = []
}
variable "admin_ranges_enabled" {
description = "Enable admin ranges-based rules."
type = bool
default = false
}
variable "custom_rules" {
description = "List of custom rule definitions (refer to variables file for syntax)."
type = map(object({


@ -77,7 +77,6 @@ module "vpc-hub-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = var.project_id
network = module.vpc-hub.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}
@ -103,7 +102,6 @@ module "vpc-spoke-1-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc-spoke-1.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}
@ -149,7 +147,6 @@ module "vpc-spoke-2-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc-spoke-2.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}


@ -51,7 +51,6 @@ module "vpc-hub-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = var.project_id
network = module.vpc-hub.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}
@ -143,7 +142,6 @@ module "vpc-spoke-1-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = var.project_id
network = module.vpc-spoke-1.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}
@ -207,7 +205,6 @@ module "vpc-spoke-2-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = var.project_id
network = module.vpc-spoke-2.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}


@ -41,7 +41,6 @@ module "firewall-left" {
source = "../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc-left.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
ssh_source_ranges = ["35.235.240.0/20", "35.191.0.0/16", "130.211.0.0/22"]
}


@ -55,7 +55,6 @@ module "firewall-right" {
source = "../../modules/net-vpc-firewall"
project_id = module.project.project_id
network = module.vpc-right.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
ssh_source_ranges = ["35.235.240.0/20", "35.191.0.0/16", "130.211.0.0/22"]
}


@ -74,7 +74,6 @@ module "vpc-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = var.project_id
network = module.vpc.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
ssh_source_ranges = var.ssh_source_ranges
}


@ -133,7 +133,6 @@ module "vpc-shared-firewall" {
source = "../../modules/net-vpc-firewall"
project_id = module.project-host.project_id
network = module.vpc-shared.name
admin_ranges_enabled = true
admin_ranges = values(var.ip_ranges)
}