Merge pull request #1059 from GoogleCloudPlatform/jccb/fix-net-vpc-factory

Read ranges from correct fields in firewall factory
2022-12-20 10:13:53 +01:00 · 2022-12-20 10:13:53 +01:00 · ba8d14afb5
parent b487b2c938 4d0c3b40f2
commit ba8d14afb5
3 changed files with 24 additions and 5 deletions
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@ -143,7 +143,7 @@ module "firewall" {
  }
  default_rules_config = { disabled = true }
 }
-# tftest modules=1 resources=1 files=lbs,cidrs
+# tftest modules=1 resources=3 files=lbs,cidrs
 ```

 ```yaml
@ -151,7 +151,7 @@ module "firewall" {
 ingress:
  allow-healthchecks:
    description: Allow ingress from healthchecks.
-    ranges:
+    source_ranges:
      - healthchecks
    targets: ["lb-backends"]
    rules:
@ -159,6 +159,25 @@ ingress:
        ports:
          - 80
          - 443
+  allow-service-1-to-service-2:
+    description: Allow ingress from service-1 SA
+    targets: ["service-2"]
+    use_service_accounts: true
+    sources:
+      - service-1@my-project.iam.gserviceaccount.com
+    rules:
+      - protocol: tcp
+        ports:
+          - 80
+          - 443
+egress:
+  block-telnet:
+    description: block outbound telnet
+    deny: true
+    rules:
+      - protocol: tcp
+        ports:
+          - 23
 ```

 ```yaml
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@ -29,12 +29,12 @@ locals {
          deny                 = try(rule.deny, false)
          rules                = try(rule.rules, [{ protocol = "all" }])
          description          = try(rule.description, null)
-          destination_ranges   = try(rule.ranges, null)
+          destination_ranges   = try(rule.destination_ranges, null)
          direction            = upper(direction)
          disabled             = try(rule.disabled, null)
          enable_logging       = try(rule.enable_logging, null)
          priority             = try(rule.priority, 1000)
-          source_ranges        = try(rule.ranges, null)
+          source_ranges        = try(rule.source_ranges, null)
          sources              = try(rule.sources, null)
          targets              = try(rule.targets, null)
          use_service_accounts = try(rule.use_service_accounts, false)
--- a/tests/modules/net_vpc_firewall/fixture/config/firewall/load_balancers.yaml
+++ b/tests/modules/net_vpc_firewall/fixture/config/firewall/load_balancers.yaml
@ -15,7 +15,7 @@
 ingress:
  allow-healthchecks:
    description: Allow ingress from healthchecks.
-    ranges:
+    source_ranges:
      - healthchecks
    targets: ["lb-backends"]
    rules: