Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

optional description in modules/net-vpc-swp #1513

Merged
merged 6 commits into from
Aug 1, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 11 additions & 10 deletions modules/net-vpc-swp/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -171,17 +171,18 @@ module "secure-web-proxy" {
|---|---|:---:|:---:|:---:|
| [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. | <code></code> | ✓ | |
| [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | <code>list&#40;string&#41;</code> | ✓ | |
| [name](variables.tf#L44) | Name of the Secure Web Proxy resource. | <code>string</code> | ✓ | |
| [network](variables.tf#L49) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L110) | Project id of the project that holds the network. | <code>string</code> | ✓ | |
| [region](variables.tf#L115) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L126) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [name](variables.tf#L50) | Name of the Secure Web Proxy resource. | <code>string</code> | ✓ | |
| [network](variables.tf#L55) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L119) | Project id of the project that holds the network. | <code>string</code> | ✓ | |
| [region](variables.tf#L124) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L135) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | <code>bool</code> | | <code>true</code> |
| [labels](variables.tf#L38) | Resource labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L54) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;object&#40;&#123;&#10; tag &#61; string&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; url_lists &#61; optional&#40;map&#40;object&#40;&#123;&#10; url_list &#61; string&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; custom &#61; optional&#40;map&#40;object&#40;&#123;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ports](variables.tf#L104) | Ports to use for Secure Web Proxy. | <code>list&#40;number&#41;</code> | | <code>&#91;443&#93;</code> |
| [scope](variables.tf#L120) | Scope determines how configuration across multiple Gateway instances are merged. | <code>string</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L131) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; ca_pool &#61; string&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L38) | Optional description for the created resources. | <code>string</code> | | <code>&#34;Managed by Terraform.&#34;</code> |
| [labels](variables.tf#L44) | Resource labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;object&#40;&#123;&#10; tag &#61; string&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; url_lists &#61; optional&#40;map&#40;object&#40;&#123;&#10; url_list &#61; string&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; custom &#61; optional&#40;map&#40;object&#40;&#123;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ports](variables.tf#L113) | Ports to use for Secure Web Proxy. | <code>list&#40;number&#41;</code> | | <code>&#91;443&#93;</code> |
| [scope](variables.tf#L129) | Scope determines how configuration across multiple Gateway instances are merged. | <code>string</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L140) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; ca_pool &#61; optional&#40;string, null&#41;&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |

## Outputs

Expand Down
9 changes: 7 additions & 2 deletions modules/net-vpc-swp/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ resource "google_network_security_gateway_security_policy" "policy" {
project = var.project_id
name = var.name
location = var.region
description = "Managed by Terraform."
description = var.description
tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
}

Expand All @@ -33,6 +33,7 @@ resource "google_network_security_tls_inspection_policy" "tls-policy" {
project = var.project_id
name = var.name
location = var.region
description = coalesce(var.tls_inspection_config.description, var.description)
ca_pool = var.tls_inspection_config.ca_pool
exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
}
Expand All @@ -43,6 +44,7 @@ resource "google_network_security_gateway_security_policy_rule" "secure_tag_rule
project = var.project_id
name = each.key
location = var.region
description = coalesce(each.value.description, var.description)
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
Expand All @@ -61,7 +63,7 @@ resource "google_network_security_url_lists" "url_lists" {
project = var.project_id
name = each.key
location = var.region
description = "Managed by Terraform."
description = coalesce(each.value.description, var.description)
values = each.value.values
}

Expand All @@ -71,6 +73,7 @@ resource "google_network_security_gateway_security_policy_rule" "url_list_rules"
project = var.project_id
name = each.key
location = var.region
description = coalesce(each.value.description, var.description)
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
Expand All @@ -93,6 +96,7 @@ resource "google_network_security_gateway_security_policy_rule" "custom_rules" {
provider = google-beta
name = each.key
location = var.region
description = coalesce(each.value.description, var.description)
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
Expand All @@ -107,6 +111,7 @@ resource "google_network_services_gateway" "gateway" {
project = var.project_id
name = var.name
location = var.region
description = var.description
labels = var.labels
addresses = var.addresses != null ? var.addresses : []
type = "SECURE_WEB_GATEWAY"
Expand Down
12 changes: 11 additions & 1 deletion modules/net-vpc-swp/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,12 @@ variable "delete_swg_autogen_router_on_destroy" {
default = true
}

variable "description" {
description = "Optional description for the created resources."
type = string
default = "Managed by Terraform."
}

variable "labels" {
description = "Resource labels."
type = map(string)
Expand Down Expand Up @@ -62,6 +68,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
description = optional(string)
})), {})

url_lists = optional(map(object({
Expand All @@ -73,6 +80,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
description = optional(string)
})), {})

custom = optional(map(object({
Expand All @@ -82,6 +90,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
description = optional(string)
})), {})
})
validation {
Expand Down Expand Up @@ -131,8 +140,9 @@ variable "subnetwork" {
variable "tls_inspection_config" {
description = "TLS inspection configuration."
type = object({
ca_pool = string
ca_pool = optional(string, null)
exclude_public_ca_set = optional(bool, false)
description = optional(string)
})
default = null
}
1 change: 1 addition & 0 deletions tests/modules/net_vpc_swp/examples/basic.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ values:
delete_swg_autogen_router_on_destroy: true
labels:
example: "value"
description: "Managed by Terraform."

counts:
google_network_security_gateway_security_policy: 1
Expand Down
7 changes: 7 additions & 0 deletions tests/modules/net_vpc_swp/examples/rules.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ values:
network: "projects/my-project/global/networks/my-network"
subnetwork: "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
delete_swg_autogen_router_on_destroy: true
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.secure_tag_rules["secure-tag-1"]:
project: "my-project"
name: "secure-tag-1"
Expand All @@ -40,6 +41,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.secure_tag_rules["secure-tag-2"]:
project: "my-project"
name: "secure-tag-2"
Expand All @@ -50,6 +52,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.url_list_rules["url-list-1"]:
project: "my-project"
name: "url-list-1"
Expand All @@ -59,6 +62,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.url_list_rules["url-list-2"]:
project: "my-project"
name: "url-list-2"
Expand All @@ -69,6 +73,7 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "ALLOW"
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.custom_rules["custom-rule-1"]:
project: "my-project"
name: "custom-rule-1"
Expand All @@ -79,13 +84,15 @@ values:
application_matcher: null
tls_inspection_enabled: false
basic_profile: "DENY"
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_url_lists.url_lists["my-url-list"]:
project: "my-project"
name: "my-url-list"
location: "europe-west4"
values:
- "www.google.com"
- "google.com"
description: "Managed by Terraform."

counts:
google_network_security_gateway_security_policy: 1
Expand Down
4 changes: 4 additions & 0 deletions tests/modules/net_vpc_swp/examples/tls.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,13 @@ values:
name: "secure-web-proxy"
project: "my-project"
location: "europe-west4"
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_tls_inspection_policy.tls-policy[0]:
project: "my-project"
name: "secure-web-proxy"
location: "europe-west4"
exclude_public_ca_set: false
description: "Managed by Terraform."
module.secure-web-proxy.google_network_services_gateway.gateway:
project: "my-project"
name: "secure-web-proxy"
Expand All @@ -35,6 +37,7 @@ values:
network: "projects/my-project/global/networks/my-network"
subnetwork: "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork"
delete_swg_autogen_router_on_destroy: true
description: "Managed by Terraform."
module.secure-web-proxy.google_network_security_gateway_security_policy_rule.custom_rules["custom-rule-1"]:
project: "my-project"
name: "custom-rule-1"
Expand All @@ -45,6 +48,7 @@ values:
application_matcher: "request.path.contains('generate_204')"
tls_inspection_enabled: true
basic_profile: "ALLOW"
description: "Managed by Terraform."
google_privateca_ca_pool.pool:
name: "secure-web-proxy-capool"
location: "europe-west4"
Expand Down