diff --git a/modules/net-vpc-swp/README.md b/modules/net-vpc-swp/README.md
index 1ad04189..721bedc8 100644
--- a/modules/net-vpc-swp/README.md
+++ b/modules/net-vpc-swp/README.md
@@ -171,18 +171,19 @@ module "secure-web-proxy" {
|---|---|:---:|:---:|:---:|
| [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. |
| ✓ | |
| [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | list(string)
| ✓ | |
-| [name](variables.tf#L50) | Name of the Secure Web Proxy resource. | string
| ✓ | |
-| [network](variables.tf#L55) | Name of the network the Secure Web Proxy is deployed into. | string
| ✓ | |
-| [project_id](variables.tf#L119) | Project id of the project that holds the network. | string
| ✓ | |
-| [region](variables.tf#L124) | Region where resources will be created. | string
| ✓ | |
-| [subnetwork](variables.tf#L135) | Name of the subnetwork the Secure Web Proxy is deployed into. | string
| ✓ | |
+| [name](variables.tf#L56) | Name of the Secure Web Proxy resource. | string
| ✓ | |
+| [network](variables.tf#L61) | Name of the network the Secure Web Proxy is deployed into. | string
| ✓ | |
+| [project_id](variables.tf#L125) | Project id of the project that holds the network. | string
| ✓ | |
+| [region](variables.tf#L130) | Region where resources will be created. | string
| ✓ | |
+| [subnetwork](variables.tf#L141) | Name of the subnetwork the Secure Web Proxy is deployed into. | string
| ✓ | |
| [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | bool
| | true
|
| [description](variables.tf#L38) | Optional description for the SWG. | string
| | "Managed by Terraform."
|
-| [labels](variables.tf#L44) | Resource labels. | map(string)
| | {}
|
-| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…})
| | {}
|
-| [ports](variables.tf#L113) | Ports to use for Secure Web Proxy. | list(number)
| | [443]
|
-| [scope](variables.tf#L129) | Scope determines how configuration across multiple Gateway instances are merged. | string
| | null
|
-| [tls_inspection_config](variables.tf#L140) | TLS inspection configuration. | object({…})
| | null
|
+| [gateway_security_policy_description](variables.tf#L44) | Optional description for the gateway security policy. | string
| | "Managed by Terraform."
|
+| [labels](variables.tf#L50) | Resource labels. | map(string)
| | {}
|
+| [policy_rules](variables.tf#L66) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…})
| | {}
|
+| [ports](variables.tf#L119) | Ports to use for Secure Web Proxy. | list(number)
| | [443]
|
+| [scope](variables.tf#L135) | Scope determines how configuration across multiple Gateway instances are merged. | string
| | null
|
+| [tls_inspection_config](variables.tf#L146) | TLS inspection configuration. | object({…})
| | null
|
## Outputs
diff --git a/modules/net-vpc-swp/main.tf b/modules/net-vpc-swp/main.tf
index fa65fff8..aebe19dc 100644
--- a/modules/net-vpc-swp/main.tf
+++ b/modules/net-vpc-swp/main.tf
@@ -23,7 +23,7 @@ resource "google_network_security_gateway_security_policy" "policy" {
project = var.project_id
name = var.name
location = var.region
- description = var.tls_inspection_config != null ? var.tls_inspection_config.gateway_description : null
+ description = var.gateway_security_policy_description
tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
}
@@ -33,7 +33,7 @@ resource "google_network_security_tls_inspection_policy" "tls-policy" {
project = var.project_id
name = var.name
location = var.region
- description = var.tls_inspection_config.tls_description
+ description = var.tls_inspection_config.description
ca_pool = var.tls_inspection_config.ca_pool
exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
}
diff --git a/modules/net-vpc-swp/variables.tf b/modules/net-vpc-swp/variables.tf
index fed232e9..cca864ce 100644
--- a/modules/net-vpc-swp/variables.tf
+++ b/modules/net-vpc-swp/variables.tf
@@ -41,6 +41,12 @@ variable "description" {
default = "Managed by Terraform."
}
+variable "gateway_security_policy_description" {
+ description = "Optional description for the gateway security policy."
+ type = string
+ default = "Managed by Terraform."
+}
+
variable "labels" {
description = "Resource labels."
type = map(string)
@@ -140,10 +146,9 @@ variable "subnetwork" {
variable "tls_inspection_config" {
description = "TLS inspection configuration."
type = object({
- ca_pool = string
+ ca_pool = optional(string, null)
exclude_public_ca_set = optional(bool, false)
- gateway_description = optional(string, "Managed by Terraform.")
- tls_description = optional(string, "Managed by Terraform.")
+ description = optional(string, "Managed by Terraform.")
})
default = null
}