Merge pull request #1059 from GoogleCloudPlatform/jccb/fix-net-vpc-factory
Read ranges from correct fields in firewall factory
commit
ba8d14afb5
|
@ -143,7 +143,7 @@ module "firewall" {
|
|||
}
|
||||
default_rules_config = { disabled = true }
|
||||
}
|
||||
# tftest modules=1 resources=1 files=lbs,cidrs
|
||||
# tftest modules=1 resources=3 files=lbs,cidrs
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -151,7 +151,7 @@ module "firewall" {
|
|||
ingress:
|
||||
allow-healthchecks:
|
||||
description: Allow ingress from healthchecks.
|
||||
ranges:
|
||||
source_ranges:
|
||||
- healthchecks
|
||||
targets: ["lb-backends"]
|
||||
rules:
|
||||
|
@ -159,6 +159,25 @@ ingress:
|
|||
ports:
|
||||
- 80
|
||||
- 443
|
||||
allow-service-1-to-service-2:
|
||||
description: Allow ingress from service-1 SA
|
||||
targets: ["service-2"]
|
||||
use_service_accounts: true
|
||||
sources:
|
||||
- service-1@my-project.iam.gserviceaccount.com
|
||||
rules:
|
||||
- protocol: tcp
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
egress:
|
||||
block-telnet:
|
||||
description: block outbound telnet
|
||||
deny: true
|
||||
rules:
|
||||
- protocol: tcp
|
||||
ports:
|
||||
- 23
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
|
|
@ -29,12 +29,12 @@ locals {
|
|||
deny = try(rule.deny, false)
|
||||
rules = try(rule.rules, [{ protocol = "all" }])
|
||||
description = try(rule.description, null)
|
||||
destination_ranges = try(rule.ranges, null)
|
||||
destination_ranges = try(rule.destination_ranges, null)
|
||||
direction = upper(direction)
|
||||
disabled = try(rule.disabled, null)
|
||||
enable_logging = try(rule.enable_logging, null)
|
||||
priority = try(rule.priority, 1000)
|
||||
source_ranges = try(rule.ranges, null)
|
||||
source_ranges = try(rule.source_ranges, null)
|
||||
sources = try(rule.sources, null)
|
||||
targets = try(rule.targets, null)
|
||||
use_service_accounts = try(rule.use_service_accounts, false)
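Review bot: Rule files that still use the old `ranges:` key are now silently ignored by the `try(rule.source_ranges, null)` and `try(rule.destination_ranges, null)` lookups, so such a rule is planned with null ranges instead of failing. Whether a null range narrows or widens the resulting rule depends on how the downstream firewall module treats it, which is not visible in this hunk. This is worth confirming for ingress allow rules before upgrading, since a dropped source restriction would be a quiet exposure. A transitional fallback such as `source_ranges = try(rule.source_ranges, rule.ranges, null)` (and the same for `destination_ranges`) would keep existing YAML working, or the factory could reject rules that still carry `ranges` so the rename surfaces at plan time. The enclosing `locals` block starts and ends outside the hunk.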
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
ingress:
|
||||
allow-healthchecks:
|
||||
description: Allow ingress from healthchecks.
|
||||
ranges:
|
||||
source_ranges:
|
||||
- healthchecks
|
||||
targets: ["lb-backends"]
|
||||
rules:
|
||||
|
|