From 915f09461e877a81ec451f1ac48df2adebfb4eb3 Mon Sep 17 00:00:00 2001
From: Natalia Strelkova
Date: Tue, 1 Aug 2023 10:27:26 +0200
Subject: [PATCH] optional description for the gateway security policy - separately

---
 modules/net-vpc-swp/README.md | 21 +++++++++++----------
 modules/net-vpc-swp/main.tf | 4 ++--
 modules/net-vpc-swp/variables.tf | 11 ++++++++---
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/modules/net-vpc-swp/README.md b/modules/net-vpc-swp/README.md
index 1ad04189..721bedc8 100644
--- a/modules/net-vpc-swp/README.md
+++ b/modules/net-vpc-swp/README.md
@@ -171,18 +171,19 @@ module "secure-web-proxy" {
 |---|---|:---:|:---:|:---:|
 | [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. | | ✓ | |
 | [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | list(string) | ✓ | |
-| [name](variables.tf#L50) | Name of the Secure Web Proxy resource. | string | ✓ | |
-| [network](variables.tf#L55) | Name of the network the Secure Web Proxy is deployed into. | string | ✓ | |
-| [project_id](variables.tf#L119) | Project id of the project that holds the network. | string | ✓ | |
-| [region](variables.tf#L124) | Region where resources will be created. | string | ✓ | |
-| [subnetwork](variables.tf#L135) | Name of the subnetwork the Secure Web Proxy is deployed into. | string | ✓ | |
+| [name](variables.tf#L56) | Name of the Secure Web Proxy resource. | string | ✓ | |
+| [network](variables.tf#L61) | Name of the network the Secure Web Proxy is deployed into. | string | ✓ | |
+| [project_id](variables.tf#L125) | Project id of the project that holds the network. | string | ✓ | |
+| [region](variables.tf#L130) | Region where resources will be created. | string | ✓ | |
+| [subnetwork](variables.tf#L141) | Name of the subnetwork the Secure Web Proxy is deployed into. | string | ✓ | |
 | [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | bool | | true |
 | [description](variables.tf#L38) | Optional description for the SWG. | string | | "Managed by Terraform." |
-| [labels](variables.tf#L44) | Resource labels. | map(string) | | {} |
-| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…}) | | {} |
-| [ports](variables.tf#L113) | Ports to use for Secure Web Proxy. | list(number) | | [443] |
-| [scope](variables.tf#L129) | Scope determines how configuration across multiple Gateway instances are merged. | string | | null |
-| [tls_inspection_config](variables.tf#L140) | TLS inspection configuration. | object({…}) | | null |
+| [gateway_security_policy_description](variables.tf#L44) | Optional description for the gateway security policy. | string | | "Managed by Terraform." |
+| [labels](variables.tf#L50) | Resource labels. | map(string) | | {} |
+| [policy_rules](variables.tf#L66) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…}) | | {} |
+| [ports](variables.tf#L119) | Ports to use for Secure Web Proxy. | list(number) | | [443] |
+| [scope](variables.tf#L135) | Scope determines how configuration across multiple Gateway instances are merged. | string | | null |
+| [tls_inspection_config](variables.tf#L146) | TLS inspection configuration. | object({…}) | | null |
 
 ## Outputs
 
diff --git a/modules/net-vpc-swp/main.tf b/modules/net-vpc-swp/main.tf
index fa65fff8..aebe19dc 100644
--- a/modules/net-vpc-swp/main.tf
+++ b/modules/net-vpc-swp/main.tf
@@ -23,7 +23,7 @@ resource "google_network_security_gateway_security_policy" "policy" {
 project = var.project_id
 name = var.name
 location = var.region
- description = var.tls_inspection_config != null ? var.tls_inspection_config.gateway_description : null
+ description = var.gateway_security_policy_description
 tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
 }
 
@@ -33,7 +33,7 @@ resource "google_network_security_tls_inspection_policy" "tls-policy" {
 project = var.project_id
 name = var.name
 location = var.region
- description = var.tls_inspection_config.tls_description
+ description = var.tls_inspection_config.description
 ca_pool = var.tls_inspection_config.ca_pool
 exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
 }
diff --git a/modules/net-vpc-swp/variables.tf b/modules/net-vpc-swp/variables.tf
index fed232e9..cca864ce 100644
--- a/modules/net-vpc-swp/variables.tf
+++ b/modules/net-vpc-swp/variables.tf
@@ -41,6 +41,12 @@ variable "description" {
 default = "Managed by Terraform."
 }
 
+variable "gateway_security_policy_description" {
+ description = "Optional description for the gateway security policy."
+ type = string
+ default = "Managed by Terraform."
+}
+
 variable "labels" {
 description = "Resource labels."
 type = map(string)
@@ -140,10 +146,9 @@ variable "subnetwork" {
 variable "tls_inspection_config" {
 description = "TLS inspection configuration."
 type = object({
- ca_pool = string
+ ca_pool = optional(string, null)
 exclude_public_ca_set = optional(bool, false)
- gateway_description = optional(string, "Managed by Terraform.")
- tls_description = optional(string, "Managed by Terraform.")
+ description = optional(string, "Managed by Terraform.")
 })
 default = null
 }
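Review bot: In the last hunk `ca_pool` is loosened from `string` to `optional(string, null)`, but the `tls-policy` resource in main.tf still passes `var.tls_inspection_config.ca_pool` through unchanged, and as far as I know the provider treats `ca_pool` as a required argument of `google_network_security_tls_inspection_policy`, so a caller who sets `tls_inspection_config` without a pool now gets a provider-level "required argument" error at plan time instead of a type error at the module boundary. This relaxation is also outside the commit subject, and the README row for `tls_inspection_config` in the first hunk still reads `TLS inspection configuration.` with `object({…})`, so the new optionality of the CA pool is undocumented. If omitting the attribute is intended, a `validation` block on the variable keeps the failure at the module boundary with a clear message; otherwise `ca_pool = string` should be kept. The proposed validation block, appended after `default = null`, is below.
```hcl
  default = null
  validation {
    condition     = var.tls_inspection_config == null || try(var.tls_inspection_config.ca_pool, null) != null
    error_message = "tls_inspection_config.ca_pool must be set when TLS inspection is configured."
  }
}
```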