Ludo hfw fixes (#400)
* fix tfdoc replacement * ignore changes to rule description * add folder example, fixes #339
This commit is contained in:
parent
54367f2947
commit
e2f5b96f4a
|
@ -47,6 +47,61 @@ module "folder" {
|
|||
# tftest:modules=1:resources=4
|
||||
```
|
||||
|
||||
### Firewall policy factory
|
||||
|
||||
In the same way as for the [organization]()../organization) module, the in-built factory allows you to define a single policy, using one file for rules, and an optional file for CIDR range substitution variables. Remember that non-absolute paths are relative to the root module (the folder where you run `terraform`).
|
||||
|
||||
```hcl
|
||||
module "folder" {
|
||||
source = "./modules/folder"
|
||||
parent = "organizations/1234567890"
|
||||
name = "Folder name"
|
||||
firewall_policy_factory = {
|
||||
cidr_file = "data/cidrs.yaml
|
||||
policy_name = null
|
||||
rules_file = "data/rules.yaml"
|
||||
}
|
||||
}
|
||||
# tftest:skip
|
||||
```
|
||||
|
||||
```yaml
|
||||
# cidrs.yaml
|
||||
|
||||
rfc1918:
|
||||
- 10.0.0.0/8
|
||||
- 172.168.0.0/12
|
||||
- 192.168.0.0/16
|
||||
```
|
||||
|
||||
```yaml
|
||||
# rules.yaml
|
||||
|
||||
allow-admins:
|
||||
description: Access from the admin subnet to all subnets
|
||||
direction: INGRESS
|
||||
action: allow
|
||||
priority: 1000
|
||||
ranges:
|
||||
- $rfc1918
|
||||
ports:
|
||||
all: []
|
||||
target_resources: null
|
||||
enable_logging: false
|
||||
|
||||
allow-ssh-from-iap:
|
||||
description: Enable SSH from IAP
|
||||
direction: INGRESS
|
||||
action: allow
|
||||
priority: 1002
|
||||
ranges:
|
||||
- 35.235.240.0/20
|
||||
ports:
|
||||
tcp: ["22"]
|
||||
target_resources: null
|
||||
enable_logging: false
|
||||
```
|
||||
|
||||
### Logging Sinks
|
||||
|
||||
```hcl
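Review bot: The `rfc1918` entry `- 172.168.0.0/12` in the new `cidrs.yaml` example is not the RFC 1918 block (that is `172.16.0.0/12`), so the `allow-admins` rule that substitutes `$rfc1918` with `ports: all: []` would admit a non-private range rather than the intended internal one; the line should read `- 172.16.0.0/12`. Because the HCL snippet is marked `# tftest:skip`, nothing exercises this example, so the typo would ship in the README as-is. Two smaller slips in the same hunk: `cidr_file = "data/cidrs.yaml` is missing its closing quote, and the link `[organization]()../organization)` should be `[organization](../organization)`.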
|
||||
|
|
|
@ -85,6 +85,11 @@ resource "google_compute_organization_security_policy_rule" "rule" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# TODO: remove once provider issues is fixed
|
||||
# https://github.com/hashicorp/terraform-provider-google/issues/7790
|
||||
lifecycle {
|
||||
ignore_changes = [description]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_organization_security_policy_association" "attachment" {
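Review bot: The added `lifecycle { ignore_changes = [description] }` block means that later edits to a rule's `description` in the factory file are no longer applied to existing rules, and the TODO above it does not say so; the same block is added in the `@ -92,6 +92,11 @@` hunk below. Since the description does not change what the rule enforces, the drift is cosmetic, but it is worth stating in the comment, e.g. `# TODO: remove once the provider issue is fixed; until then, changes to a rule's description are not applied to existing rules` (which also fixes the "issues is fixed" wording). The enclosing `google_compute_organization_security_policy_rule` resource starts outside the hunk.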
|
||||
|
|
|
@ -92,6 +92,11 @@ resource "google_compute_organization_security_policy_rule" "rule" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# TODO: remove once provider issues is fixed
|
||||
# https://github.com/hashicorp/terraform-provider-google/issues/7790
|
||||
lifecycle {
|
||||
ignore_changes = [description]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_organization_security_policy_association" "attachment" {
|
||||
|
|