net-vpc-firewall turning off default rules

[eliamaldini]

Hi Team,
it seems that on the net-vpc-firewall module there is an issue when you try to turn off the default routes.

According to the the variable description: "... Set the variable or individual members to null to disable." it is possible to disable the default routes in these two ways:

default_rules_config = null

or

default_rules_config = {
    admin_ranges = null
    https_ranges = null
    ssh_ranges   = null
  }

but both of them didn't work and the default routes are always applied.

The only way that it works is by adding disabled = true.

Thanks

[ludoo]

Yep, documentation is incorrect, good catch. This is what we should say there:

Set var.default_rules_config.disabled = true to disable all

tf plan -var project_id=foo -var network=bar \
  -var default_rules_config='{disabled=true}'

Changes to Outputs:
  + default_rules = {
      + admin = []
      + http  = []
      + https = []
      + ssh   = []
    }
  + rules         = {}

or set individual rules to the empty list to disable them individually

tf plan -var project_id=foo -var network=bar \
  -var default_rules_config='{http_ranges=[], https_ranges=[], ssh_ranges=[]}'

Changes to Outputs:
  + default_rules = {
      + admin = []
      + http  = []
      + https = []
      + ssh   = []
    }
  + rules         = {}

[ludoo]

Actually, the README is super clear on this already

[ludoo]

Actually it's the variable description which needs updating, sending a PR now.