diff --git a/modules/net-vpc-swp/README.md b/modules/net-vpc-swp/README.md
index 381d04eeda..1e5d999dfb 100644
--- a/modules/net-vpc-swp/README.md
+++ b/modules/net-vpc-swp/README.md
@@ -171,17 +171,18 @@ module "secure-web-proxy" {
|---|---|:---:|:---:|:---:|
| [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. |
| ✓ | |
| [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | list(string)
| ✓ | |
-| [name](variables.tf#L44) | Name of the Secure Web Proxy resource. | string
| ✓ | |
-| [network](variables.tf#L49) | Name of the network the Secure Web Proxy is deployed into. | string
| ✓ | |
-| [project_id](variables.tf#L110) | Project id of the project that holds the network. | string
| ✓ | |
-| [region](variables.tf#L115) | Region where resources will be created. | string
| ✓ | |
-| [subnetwork](variables.tf#L126) | Name of the subnetwork the Secure Web Proxy is deployed into. | string
| ✓ | |
+| [name](variables.tf#L50) | Name of the Secure Web Proxy resource. | string
| ✓ | |
+| [network](variables.tf#L55) | Name of the network the Secure Web Proxy is deployed into. | string
| ✓ | |
+| [project_id](variables.tf#L119) | Project id of the project that holds the network. | string
| ✓ | |
+| [region](variables.tf#L124) | Region where resources will be created. | string
| ✓ | |
+| [subnetwork](variables.tf#L135) | Name of the subnetwork the Secure Web Proxy is deployed into. | string
| ✓ | |
| [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | bool
| | true
|
-| [labels](variables.tf#L38) | Resource labels. | map(string)
| | {}
|
-| [policy_rules](variables.tf#L54) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…})
| | {}
|
-| [ports](variables.tf#L104) | Ports to use for Secure Web Proxy. | list(number)
| | [443]
|
-| [scope](variables.tf#L120) | Scope determines how configuration across multiple Gateway instances are merged. | string
| | null
|
-| [tls_inspection_config](variables.tf#L131) | TLS inspection configuration. | object({…})
| | null
|
+| [description](variables.tf#L38) | Optional description for the created resources. | string
| | "Managed by Terraform."
|
+| [labels](variables.tf#L44) | Resource labels. | map(string)
| | {}
|
+| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…})
| | {}
|
+| [ports](variables.tf#L113) | Ports to use for Secure Web Proxy. | list(number)
| | [443]
|
+| [scope](variables.tf#L129) | Scope determines how configuration across multiple Gateway instances are merged. | string
| | null
|
+| [tls_inspection_config](variables.tf#L140) | TLS inspection configuration. | object({…})
| | null
|
## Outputs
diff --git a/modules/net-vpc-swp/main.tf b/modules/net-vpc-swp/main.tf
index 88b2fc743c..bf19517ce9 100644
--- a/modules/net-vpc-swp/main.tf
+++ b/modules/net-vpc-swp/main.tf
@@ -23,7 +23,7 @@ resource "google_network_security_gateway_security_policy" "policy" {
project = var.project_id
name = var.name
location = var.region
- description = "Managed by Terraform."
+ description = var.description
tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
}
@@ -33,6 +33,7 @@ resource "google_network_security_tls_inspection_policy" "tls-policy" {
project = var.project_id
name = var.name
location = var.region
+ description = coalesce(var.tls_inspection_config.description, var.description)
ca_pool = var.tls_inspection_config.ca_pool
exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
}
@@ -43,6 +44,7 @@ resource "google_network_security_gateway_security_policy_rule" "secure_tag_rule
project = var.project_id
name = each.key
location = var.region
+ description = coalesce(each.value.description, var.description)
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
@@ -61,7 +63,7 @@ resource "google_network_security_url_lists" "url_lists" {
project = var.project_id
name = each.key
location = var.region
- description = "Managed by Terraform."
+ description = coalesce(each.value.description, var.description)
values = each.value.values
}
@@ -71,6 +73,7 @@ resource "google_network_security_gateway_security_policy_rule" "url_list_rules"
project = var.project_id
name = each.key
location = var.region
+ description = coalesce(each.value.description, var.description)
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
@@ -93,6 +96,7 @@ resource "google_network_security_gateway_security_policy_rule" "custom_rules" {
provider = google-beta
name = each.key
location = var.region
+ description = coalesce(each.value.description, var.description)
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
@@ -107,6 +111,7 @@ resource "google_network_services_gateway" "gateway" {
project = var.project_id
name = var.name
location = var.region
+ description = var.description
labels = var.labels
addresses = var.addresses != null ? var.addresses : []
type = "SECURE_WEB_GATEWAY"
diff --git a/modules/net-vpc-swp/variables.tf b/modules/net-vpc-swp/variables.tf
index 5f540dc2f4..17d9061ffc 100644
--- a/modules/net-vpc-swp/variables.tf
+++ b/modules/net-vpc-swp/variables.tf
@@ -35,6 +35,12 @@ variable "delete_swg_autogen_router_on_destroy" {
default = true
}
+variable "description" {
+ description = "Optional description for the created resources."
+ type = string
+ default = "Managed by Terraform."
+}
+
variable "labels" {
description = "Resource labels."
type = map(string)
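Review bot: The new `description` variable carries no validation, yet the rule and URL-list resources in main.tf consume it through `coalesce(each.value.description, var.description)`, and Terraform's `coalesce` raises an error when every argument is null or an empty string. A caller who passes `description = ""` or `description = null` without a per-rule description therefore gets a plan-time failure pointing at main.tf instead of at the variable, while the gateway and policy resources, which take `var.description` directly, would accept the same value silently. A validation block keeps the failure where the cause is, e.g. `condition = var.description != null && var.description != ""` with an error message saying the description must be a non-empty string; alternatively wrap the call sites in `try(coalesce(...), null)` if an empty description is meant to be allowed. The description text could also state the fallback role, `description = "Optional description for the created resources; also used as the fallback for rules and URL lists that set none."`.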
@@ -62,6 +68,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
+ description = optional(string)
})), {})
url_lists = optional(map(object({
@@ -73,6 +80,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
+ description = optional(string)
})), {})
custom = optional(map(object({
@@ -82,6 +90,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
+ description = optional(string)
})), {})
})
validation {
@@ -131,8 +140,9 @@ variable "subnetwork" {
variable "tls_inspection_config" {
description = "TLS inspection configuration."
type = object({
- ca_pool = string
+ ca_pool = optional(string, null)
exclude_public_ca_set = optional(bool, false)
+ description = optional(string)
})
default = null
}
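Review bot: `ca_pool` is relaxed to `optional(string, null)`, but nothing in the module substitutes a value when it is missing: main.tf still passes `var.tls_inspection_config.ca_pool` straight into `google_network_security_tls_inspection_policy`, where, as far as I recall, `ca_pool` is a required argument, so `tls_inspection_config = {}` now passes type checking and fails later at plan or apply. Since the CA pool is what issues the interception certificates, a TLS inspection policy without one is not a meaningful configuration, and the check is better kept next to the variable: `condition = var.tls_inspection_config == null || var.tls_inspection_config.ca_pool != null` with an error message stating that a CA pool is required whenever TLS inspection is configured. The variable's description could state the contract too, e.g. `description = "TLS inspection configuration. A CA pool is required when this block is set."`.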
diff --git a/tests/modules/net_vpc_swp/examples/basic.yaml b/tests/modules/net_vpc_swp/examples/basic.yaml
index e3c63b5397..1b2e357c07 100644
--- a/tests/modules/net_vpc_swp/examples/basic.yaml
+++ b/tests/modules/net_vpc_swp/examples/basic.yaml
@@ -32,6 +32,7 @@ values:
delete_swg_autogen_router_on_destroy: true
labels:
example: "value"
+ description: "Managed by Terraform."
counts:
google_network_security_gateway_security_policy: 1
diff --git a/tests/modules/net_vpc_swp/examples/rules.yaml b/tests/modules/net_vpc_swp/examples/rules.yaml
index ee79664f30..d6c0789a80 100644
--- a/tests/modules/net_vpc_swp/examples/rules.yaml
+++ b/tests/modules/net_vpc_swp/examples/rules.yaml
@@ -30,6 +30,7 @@ values:
network: "projects/my-project/global/networks/my-network"
subnetwork: "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
delete_swg_autogen_router_on_destroy: true
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.secure_tag_rules["secure-tag-1"]:
project: "my-project"
name: "secure-tag-1"
@@ -40,6 +41,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.secure_tag_rules["secure-tag-2"]:
project: "my-project"
name: "secure-tag-2"
@@ -50,6 +52,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.url_list_rules["url-list-1"]:
project: "my-project"
name: "url-list-1"
@@ -59,6 +62,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.url_list_rules["url-list-2"]:
project: "my-project"
name: "url-list-2"
@@ -69,6 +73,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.custom_rules["custom-rule-1"]:
project: "my-project"
name: "custom-rule-1"
@@ -79,6 +84,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "DENY"
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_url_lists.url_lists["my-url-list"]:
project: "my-project"
name: "my-url-list"
@@ -86,6 +92,7 @@ values:
values:
- "www.google.com"
- "google.com"
+ description: "Managed by Terraform."
counts:
google_network_security_gateway_security_policy: 1
diff --git a/tests/modules/net_vpc_swp/examples/tls.yaml b/tests/modules/net_vpc_swp/examples/tls.yaml
index 7d366eef96..039e58f5a7 100644
--- a/tests/modules/net_vpc_swp/examples/tls.yaml
+++ b/tests/modules/net_vpc_swp/examples/tls.yaml
@@ -18,11 +18,13 @@ values:
name: "secure-web-proxy"
project: "my-project"
location: "europe-west4"
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_tls_inspection_policy.tls-policy[0]:
project: "my-project"
name: "secure-web-proxy"
location: "europe-west4"
exclude_public_ca_set: false
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_services_gateway.gateway:
project: "my-project"
name: "secure-web-proxy"
@@ -35,6 +37,7 @@ values:
network: "projects/my-project/global/networks/my-network"
subnetwork: "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
delete_swg_autogen_router_on_destroy: true
+ description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.custom_rules["custom-rule-1"]:
project: "my-project"
name: "custom-rule-1"
@@ -45,6 +48,7 @@ values:
application_matcher: "request.path.contains('generate_204')"
tls_inspection_enabled: true
basic_profile: "ALLOW"
+ description: "Managed by Terraform."
google_privateca_ca_pool.pool:
name: "secure-web-proxy-capool"
location: "europe-west4"