fix logic for default source range in firewall ingress rules (#1815)
parent
30d7126b83
commit
d0b1ced280
|
@ -7,6 +7,19 @@ This module allows creation and management of different types of firewall rules
|
|||
|
||||
The predefined rules are enabled by default and set to the ranges of the GCP health checkers for HTTP/HTTPS, and the IAP forwarders for SSH. See the relevant section below on how to configure or disable them.
|
||||
|
||||
<!-- BEGIN TOC -->
|
||||
- [Examples](#examples)
|
||||
- [Minimal open firewall](#minimal-open-firewall)
|
||||
- [Custom rules](#custom-rules)
|
||||
- [Controlling or turning off default rules](#controlling-or-turning-off-default-rules)
|
||||
- [Overriding default tags and ranges](#overriding-default-tags-and-ranges)
|
||||
- [Disabling predefined rules](#disabling-predefined-rules)
|
||||
- [Including source & destination ranges](#including-source-destination-ranges)
|
||||
- [Rules Factory](#rules-factory)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
<!-- END TOC -->
|
||||
|
||||
## Examples
|
||||
|
||||
### Minimal open firewall
|
||||
|
|
|
@ -97,7 +97,7 @@ resource "google_compute_firewall" "custom-rules" {
|
|||
source_ranges = (
|
||||
each.value.direction == "INGRESS"
|
||||
? (
|
||||
each.value.source_ranges == null
|
||||
each.value.source_ranges == null && each.value.sources == null
|
||||
? ["0.0.0.0/0"]
|
||||
: each.value.source_ranges
|
||||
)
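Review bot: The fallback in the changed condition still opens an INGRESS rule to `0.0.0.0/0` whenever both `source_ranges` and `sources` are null, and nothing in the hunk marks that as intended. A comment above the condition would make the fail-open default explicit, for example `# no ranges and no sources given: rule matches any IPv4 source (0.0.0.0/0)`. The new check also tests `sources` only for null, so an empty list would presumably skip the default and leave the rule with no source filter at all; it is worth confirming how the variable's type and the provider treat that case. The `source_ranges` expression continues past the end of the hunk, so the non-INGRESS branch is not visible here.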
|
||||
|
|
|
@ -53,8 +53,6 @@ values:
|
|||
network: my-network
|
||||
priority: 1000
|
||||
project: my-project
|
||||
source_ranges:
|
||||
- 0.0.0.0/0
|
||||
source_service_accounts:
|
||||
- service-1@my-project.iam.gserviceaccount.com
|
||||
source_tags: null
|
||||
|
|