150 lines
4.6 KiB
HCL
150 lines
4.6 KiB
HCL
/**
|
|
* Copyright 2023 Google LLC
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
|
|
|
|
variable "addresses" {
|
|
description = "One or more IP addresses to be used for Secure Web Proxy."
|
|
type = list(string)
|
|
validation {
|
|
condition = length(var.addresses) > 0
|
|
error_message = "Must specify at least one IP address."
|
|
}
|
|
}
|
|
|
|
variable "certificates" {
|
|
description = "List of certificates to be used for Secure Web Proxy."
|
|
type = list(string)
|
|
}
|
|
|
|
variable "delete_swg_autogen_router_on_destroy" {
|
|
description = "Delete automatically provisioned Cloud Router on destroy."
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "description" {
|
|
description = "Optional description for the created resources."
|
|
type = string
|
|
default = "Managed by Terraform."
|
|
}
|
|
|
|
variable "labels" {
|
|
description = "Resource labels."
|
|
type = map(string)
|
|
default = {}
|
|
}
|
|
|
|
variable "name" {
|
|
description = "Name of the Secure Web Proxy resource."
|
|
type = string
|
|
}
|
|
|
|
variable "network" {
|
|
description = "Name of the network the Secure Web Proxy is deployed into."
|
|
type = string
|
|
}
|
|
|
|
variable "policy_rules" {
|
|
description = "List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created."
|
|
type = object({
|
|
secure_tags = optional(map(object({
|
|
tag = string
|
|
session_matcher = optional(string)
|
|
application_matcher = optional(string)
|
|
priority = number
|
|
action = optional(string, "ALLOW")
|
|
enabled = optional(bool, true)
|
|
tls_inspection_enabled = optional(bool, false)
|
|
description = optional(string)
|
|
})), {})
|
|
|
|
url_lists = optional(map(object({
|
|
url_list = string
|
|
values = optional(list(string))
|
|
session_matcher = optional(string)
|
|
application_matcher = optional(string)
|
|
priority = number
|
|
action = optional(string, "ALLOW")
|
|
enabled = optional(bool, true)
|
|
tls_inspection_enabled = optional(bool, false)
|
|
description = optional(string)
|
|
})), {})
|
|
|
|
custom = optional(map(object({
|
|
session_matcher = optional(string)
|
|
application_matcher = optional(string)
|
|
priority = number
|
|
action = optional(string, "ALLOW")
|
|
enabled = optional(bool, true)
|
|
tls_inspection_enabled = optional(bool, false)
|
|
description = optional(string)
|
|
})), {})
|
|
})
|
|
validation {
|
|
condition = (
|
|
length(concat(
|
|
[for k, v in var.policy_rules.secure_tags : v.priority],
|
|
[for k, v in var.policy_rules.url_lists : v.priority],
|
|
[for k, v in var.policy_rules.custom : v.priority])) ==
|
|
length(distinct(concat(
|
|
[for k, v in var.policy_rules.secure_tags : v.priority],
|
|
[for k, v in var.policy_rules.url_lists : v.priority],
|
|
[for k, v in var.policy_rules.custom : v.priority])))
|
|
)
|
|
error_message = "Each rule must have unique priority."
|
|
}
|
|
default = {}
|
|
nullable = false
|
|
}
|
|
|
|
variable "ports" {
|
|
description = "Ports to use for Secure Web Proxy."
|
|
type = list(number)
|
|
default = [443]
|
|
}
|
|
|
|
variable "project_id" {
|
|
description = "Project id of the project that holds the network."
|
|
type = string
|
|
}
|
|
|
|
variable "region" {
|
|
description = "Region where resources will be created."
|
|
type = string
|
|
}
|
|
|
|
variable "scope" {
|
|
description = "Scope determines how configuration across multiple Gateway instances are merged."
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "subnetwork" {
|
|
description = "Name of the subnetwork the Secure Web Proxy is deployed into."
|
|
type = string
|
|
}
|
|
|
|
variable "tls_inspection_config" {
|
|
description = "TLS inspection configuration."
|
|
type = object({
|
|
ca_pool = optional(string, null)
|
|
exclude_public_ca_set = optional(bool, false)
|
|
description = optional(string)
|
|
})
|
|
default = null
|
|
}
|