Commit

fix logic for default source range in firewall ingress rules (#1815)
ludoo authored Oct 26, 2023
1 parent 30d7126 commit d0b1ced
Showing 3 changed files with 14 additions and 3 deletions.
13 changes: 13 additions & 0 deletions modules/net-vpc-firewall/README.md
Expand Up @@ -7,6 +7,19 @@ This module allows creation and management of different types of firewall rules

The predefined rules are enabled by default and set to the ranges of the GCP health checkers for HTTP/HTTPS, and the IAP forwarders for SSH. See the relevant section below on how to configure or disable them.

<!-- BEGIN TOC -->
- [Examples](#examples)
- [Minimal open firewall](#minimal-open-firewall)
- [Custom rules](#custom-rules)
- [Controlling or turning off default rules](#controlling-or-turning-off-default-rules)
- [Overriding default tags and ranges](#overriding-default-tags-and-ranges)
- [Disabling predefined rules](#disabling-predefined-rules)
- [Including source & destination ranges](#including-source-destination-ranges)
- [Rules Factory](#rules-factory)
- [Variables](#variables)
- [Outputs](#outputs)
<!-- END TOC -->

## Examples

### Minimal open firewall
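
Review bot: missing documentation in this README hunk: the added lines are only the generated TOC block, so the changed default for ingress source ranges is not described anywhere in the visible text. A sentence under "Including source & destination ranges" stating that `0.0.0.0/0` is applied only when both `source_ranges` and `sources` are unset would make the behaviour explicit for anyone relying on the old default.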
2 changes: 1 addition & 1 deletion modules/net-vpc-firewall/main.tf
Expand Up @@ -97,7 +97,7 @@ resource "google_compute_firewall" "custom-rules" {
source_ranges = (
each.value.direction == "INGRESS"
? (
each.value.source_ranges == null
each.value.source_ranges == null && each.value.sources == null
? ["0.0.0.0/0"]
: each.value.source_ranges
)
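
Review bot: the new condition `each.value.source_ranges == null && each.value.sources == null` treats only null as unset. An empty list for `sources` is not null, so a rule with `sources = []` and no `source_ranges` skips the `0.0.0.0/0` default and falls through to `each.value.source_ranges`, which is null, leaving the ingress rule with no source filter from this expression. Decide explicitly how empty lists should behave, for example by rejecting them in variable validation or by testing `try(length(each.value.sources), 0) == 0` here, and note that the false branch now intentionally returns null when only `sources` is set.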
2 changes: 0 additions & 2 deletions tests/modules/net_vpc_firewall/examples/factory.yaml
Expand Up @@ -53,8 +53,6 @@ values:
network: my-network
priority: 1000
project: my-project
source_ranges:
- 0.0.0.0/0
source_service_accounts:
- [email protected]
source_tags: null
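
Review bot: missing test coverage around this expectation: the change only drops `source_ranges` for the rule that uses `source_service_accounts`, and nothing visible here asserts the other branch, where neither `source_ranges` nor `sources` is set and `0.0.0.0/0` should still be applied. Add an example rule with expected values for that case so a regression in either direction is caught.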