logging for default ingress rules in FAST (#2030)
* Add default ingress deny rule with logging to FAST net stages. Fixes #2024 * Allow firewall factory to omit rules key * Fix tests * Fix fast tests * fix fast tests
parent
7b58114d65
commit
da95434308
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
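Review bot: `include_metadata: false` on this catch-all deny rule means the log entries are written without the metadata fields (instance and VPC details) that an analyst normally uses to tie a denied connection to a workload. If that is a deliberate log-volume trade-off, it deserves a comment in the file, for example `# metadata excluded to limit log volume; switch to true when investigating denied traffic`. The rule also omits `rules` and any source range, so what it matches depends on factory defaults that are not shown in this section; a one-line comment stating that it is meant to match all protocols from any source at the lowest priority (65535) would make the intent reviewable. The same applies to the other identical rule files added in this commit, including the `trusted-ingress-default-deny` and `untrusted-ingress-default-deny` variants.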
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
trusted-ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
untrusted-ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
trusted-ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
untrusted-ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
||||||
|
# skip boilerplate check
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
ingress-default-deny:
|
||||||
|
description: "Deny and log any unmatched ingress traffic."
|
||||||
|
deny: true
|
||||||
|
priority: 65535
|
||||||
|
enable_logging:
|
||||||
|
include_metadata: false
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* Copyright 2022 Google LLC
|
* Copyright 2024 Google LLC
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -27,7 +27,7 @@ locals {
|
||||||
for name, rule in ruleset : {
|
for name, rule in ruleset : {
|
||||||
name = name
|
name = name
|
||||||
deny = try(rule.deny, false)
|
deny = try(rule.deny, false)
|
||||||
rules = try(rule.rules, [{ protocol = "all" }])
|
rules = try(rule.rules, [{ protocol = "all", ports = null }])
|
||||||
description = try(rule.description, null)
|
description = try(rule.description, null)
|
||||||
destination_ranges = try(rule.destination_ranges, null)
|
destination_ranges = try(rule.destination_ranges, null)
|
||||||
direction = upper(direction)
|
direction = upper(direction)
|
||||||
|
|
|
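Review bot: With the `rules` key now optional, the fallback `[{ protocol = "all", ports = null }]` sits directly under `deny = try(rule.deny, false)`, so a YAML rule that omits both keys is turned into an allow rule for every protocol and port. That is the right result for the default-deny files this commit adds, but for any other rule it is a fail-open default, and a comment above the line would make it visible, for example `# no rules key: matches all protocols and ports; with deny unset this becomes an allow-all rule`. If the factory is meant to be strict, consider requiring `rules` whenever `deny` is not true. The `locals` block starts and ends outside this hunk, so any validation elsewhere in it is not visible here.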
@ -1,4 +1,4 @@
|
||||||
# Copyright 2023 Google LLC
|
# Copyright 2024 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -13,5 +13,5 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
modules: 28
|
modules: 29
|
||||||
resources: 148
|
resources: 151
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2023 Google LLC
|
# Copyright 2024 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -13,5 +13,5 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
modules: 30
|
modules: 31
|
||||||
resources: 185
|
resources: 188
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2023 Google LLC
|
# Copyright 2024 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -13,5 +13,5 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
modules: 42
|
modules: 43
|
||||||
resources: 195
|
resources: 199
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2023 Google LLC
|
# Copyright 2024 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -13,5 +13,5 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
modules: 21
|
modules: 22
|
||||||
resources: 170
|
resources: 172
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Copyright 2023 Google LLC
|
# Copyright 2024 Google LLC
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
|
@ -13,5 +13,5 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
modules: 36
|
modules: 37
|
||||||
resources: 206
|
resources: 210
|
||||||
|
|