logging for default ingress rules in FAST (#2030)
* Add default ingress deny rule with logging to FAST net stages. Fixes #2024 * Allow firewall factory to omit rules key * Fix tests * Fix fast tests * fix fast tests
parent
7b58114d65
commit
da95434308
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
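Review bot: `ingress-default-deny` sits at `priority: 65535`, the same value as the VPC's implied ingress deny, and at equal priority a deny wins over an allow, so any existing allow rule that was also placed at 65535 stops matching once this file is applied. That interaction deserves a comment above the rule, e.g. `# lowest priority; allow rules need a numerically lower priority than 65535`. The rule also sets no source ranges, so what it covers depends on the factory's default (presumably `0.0.0.0/0`, to be confirmed); if so, unmatched IPv6 ingress would still be dropped by the implied rule but not logged. `include_metadata: false` keeps log volume down, but denied-traffic entries will then lack instance and network metadata during triage. The same applies to the other fifteen new rule files in this commit, including the `trusted-` and `untrusted-` variants.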
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
trusted-ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
untrusted-ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
trusted-ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
untrusted-ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -0,0 +1,9 @@
|
|||
# skip boilerplate check
|
||||
|
||||
ingress:
|
||||
ingress-default-deny:
|
||||
description: "Deny and log any unmatched ingress traffic."
|
||||
deny: true
|
||||
priority: 65535
|
||||
enable_logging:
|
||||
include_metadata: false
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -27,7 +27,7 @@ locals {
|
|||
for name, rule in ruleset : {
|
||||
name = name
|
||||
deny = try(rule.deny, false)
|
||||
rules = try(rule.rules, [{ protocol = "all" }])
|
||||
rules = try(rule.rules, [{ protocol = "all", ports = null }])
|
||||
description = try(rule.description, null)
|
||||
destination_ranges = try(rule.destination_ranges, null)
|
||||
direction = upper(direction)
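Review bot: The fallback in `rules = try(rule.rules, [{ protocol = "all", ports = null }])` is applied whatever `deny` resolves to, so an allow rule whose `rules` key is missing or misspelled in the YAML ends up matching every protocol and port without any error. That default suits the new deny-all files, but for allow rules it fails open. A comment on the line such as `# omitted rules => all protocols and ports; allow rules should list them explicitly` would make this visible, and a validation that requires `rules` when `deny` is false may be worth considering. The enclosing `locals` block and `for` expression start and end outside the hunk.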
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
counts:
|
||||
modules: 28
|
||||
resources: 148
|
||||
modules: 29
|
||||
resources: 151
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
counts:
|
||||
modules: 30
|
||||
resources: 185
|
||||
modules: 31
|
||||
resources: 188
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
counts:
|
||||
modules: 42
|
||||
resources: 195
|
||||
modules: 43
|
||||
resources: 199
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
counts:
|
||||
modules: 21
|
||||
resources: 170
|
||||
modules: 22
|
||||
resources: 172
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
counts:
|
||||
modules: 36
|
||||
resources: 206
|
||||
modules: 37
|
||||
resources: 210
|
||||
|
|