add support for routing mode to net-swp module (#2751)
Co-authored-by: Julio Castillo <[email protected]>
ludoo and juliocc authored Dec 8, 2024
1 parent b6421ec commit 36b70bd
Showing 3 changed files with 17 additions and 12 deletions.
23 changes: 11 additions & 12 deletions modules/net-swp/README.md
Expand Up @@ -340,26 +340,25 @@ matcher_args:
- service_account:foo
# tftest-file id=2 path=data/policy-rules/service-account-0.yaml schema=policy-rule.schema.json
```

<!-- BEGIN TFDOC -->
## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [gateway_config](variables.tf#L40) | Optional Secure Web Gateway configuration. | <code title="object&#40;&#123;&#10; addresses &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; delete_router_on_destroy &#61; optional&#40;bool, true&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; ports &#61; optional&#40;list&#40;string&#41;, &#91;443&#93;&#41;&#10; scope &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> || |
| [name](variables.tf#L52) | Name of the Secure Web Proxy resource. | <code>string</code> || |
| [network](variables.tf#L57) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> || |
| [project_id](variables.tf#L107) | Project id of the project that holds the network. | <code>string</code> || |
| [region](variables.tf#L112) | Region where resources will be created. | <code>string</code> || |
| [subnetwork](variables.tf#L132) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> || |
| [gateway_config](variables.tf#L40) | Optional Secure Web Gateway configuration. | <code title="object&#40;&#123;&#10; addresses &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; delete_router_on_destroy &#61; optional&#40;bool, true&#41;&#10; labels &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; next_hop_routing_mode &#61; optional&#40;bool, false&#41;&#10; ports &#61; optional&#40;list&#40;string&#41;, &#91;443&#93;&#41;&#10; scope &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> || |
| [name](variables.tf#L53) | Name of the Secure Web Proxy resource. | <code>string</code> || |
| [network](variables.tf#L58) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> || |
| [project_id](variables.tf#L108) | Project id of the project that holds the network. | <code>string</code> || |
| [region](variables.tf#L113) | Region where resources will be created. | <code>string</code> || |
| [subnetwork](variables.tf#L133) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> || |
| [certificates](variables.tf#L17) | List of certificates to be used for Secure Web Proxy. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [description](variables.tf#L24) | Optional description for the created resources. | <code>string</code> | | <code>&#34;Managed by Terraform.&#34;</code> |
| [factories_config](variables.tf#L30) | Path to folder with YAML resource description data files. | <code title="object&#40;&#123;&#10; policy_rules &#61; optional&#40;string&#41;&#10; url_lists &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L62) | Policy rules definitions. Merged with policy rules defined via the factory. | <code title="map&#40;object&#40;&#123;&#10; priority &#61; number&#10; allow &#61; optional&#40;bool, true&#41;&#10; description &#61; optional&#40;string&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; tls_inspect &#61; optional&#40;bool&#41;&#10; matcher_args &#61; optional&#40;object&#40;&#123;&#10; application &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; session &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules_contexts](variables.tf#L96) | Replacement contexts for policy rules matcher arguments. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; service_accounts &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; url_lists &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_attachment](variables.tf#L117) | PSC service attachment configuration. | <code title="object&#40;&#123;&#10; nat_subnets &#61; list&#40;string&#41;&#10; automatic_connection &#61; optional&#40;bool, false&#41;&#10; consumer_accept_lists &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; consumer_reject_lists &#61; optional&#40;list&#40;string&#41;&#41;&#10; description &#61; optional&#40;string&#41;&#10; domain_name &#61; optional&#40;string&#41;&#10; enable_proxy_protocol &#61; optional&#40;bool, false&#41;&#10; reconcile_connections &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L137) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; create_config &#61; optional&#40;object&#40;&#123;&#10; ca_pool &#61; optional&#40;string, null&#41;&#10; description &#61; optional&#40;string, null&#41;&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, null&#41;&#10; id &#61; optional&#40;string, null&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [url_lists](variables.tf#L158) | URL lists. | <code title="map&#40;object&#40;&#123;&#10; values &#61; list&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L63) | Policy rules definitions. Merged with policy rules defined via the factory. | <code title="map&#40;object&#40;&#123;&#10; priority &#61; number&#10; allow &#61; optional&#40;bool, true&#41;&#10; description &#61; optional&#40;string&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; tls_inspect &#61; optional&#40;bool&#41;&#10; matcher_args &#61; optional&#40;object&#40;&#123;&#10; application &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; session &#61; optional&#40;list&#40;string&#41;, &#91;&#93;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules_contexts](variables.tf#L97) | Replacement contexts for policy rules matcher arguments. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; service_accounts &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; url_lists &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_attachment](variables.tf#L118) | PSC service attachment configuration. | <code title="object&#40;&#123;&#10; nat_subnets &#61; list&#40;string&#41;&#10; automatic_connection &#61; optional&#40;bool, false&#41;&#10; consumer_accept_lists &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10; consumer_reject_lists &#61; optional&#40;list&#40;string&#41;&#41;&#10; description &#61; optional&#40;string&#41;&#10; domain_name &#61; optional&#40;string&#41;&#10; enable_proxy_protocol &#61; optional&#40;bool, false&#41;&#10; reconcile_connections &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L138) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; create_config &#61; optional&#40;object&#40;&#123;&#10; ca_pool &#61; optional&#40;string, null&#41;&#10; description &#61; optional&#40;string, null&#41;&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;, null&#41;&#10; id &#61; optional&#40;string, null&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [url_lists](variables.tf#L159) | URL lists. | <code title="map&#40;object&#40;&#123;&#10; values &#61; list&#40;string&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |

## Outputs

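Review bot: the README change stops at the regenerated TFDOC table, so next_hop_routing_mode is visible only inside the gateway_config type tooltip and nothing in the README says what enabling it does. Suggest adding a short section or tftest example above the table that sets gateway_config = { next_hop_routing_mode = true } and states that this sets routing_mode to NEXT_HOP_ROUTING_MODE on the gateway resource.
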
5 changes: 5 additions & 0 deletions modules/net-swp/main.tf
Expand Up @@ -97,6 +97,11 @@ resource "google_network_services_gateway" "default" {
)
network = var.network
subnetwork = var.subnetwork
routing_mode = (
var.gateway_config.next_hop_routing_mode
? "NEXT_HOP_ROUTING_MODE"
: null
)
delete_swg_autogen_router_on_destroy = (
var.gateway_config.delete_router_on_destroy
)
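
Review bot: in the routing_mode expression the false branch returns null, and nothing in the hunk says which mode the gateway ends up in when the argument is omitted. A one-line comment above routing_mode stating that null leaves the provider default in place would help the next reader. The commit also touches only README.md, main.tf and variables.tf, so the new branch has no test or example exercising next_hop_routing_mode = true.
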
1 change: 1 addition & 0 deletions modules/net-swp/variables.tf
Expand Up @@ -43,6 +43,7 @@ variable "gateway_config" {
addresses = optional(list(string), [])
delete_router_on_destroy = optional(bool, true)
labels = optional(map(string), {})
next_hop_routing_mode = optional(bool, false)
ports = optional(list(string), [443])
scope = optional(string)
})
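
Review bot: next_hop_routing_mode = optional(bool, false) encodes a string-valued resource argument as a flag, so supporting a second routing mode value later would mean a breaking change to gateway_config. Consider routing_mode = optional(string) with a validation block restricting it to the supported values, or at least extend the gateway_config description to say that the flag maps to "NEXT_HOP_ROUTING_MODE".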