Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

optional description in modules/net-vpc-swp #1513

Merged
merged 6 commits into from
Aug 1, 2023
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 11 additions & 12 deletions modules/net-vpc-swp/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -171,19 +171,18 @@ module "secure-web-proxy" {
|---|---|:---:|:---:|:---:|
| [addresses](variables.tf#L19) | One or more IP addresses to be used for Secure Web Proxy. | <code></code> | ✓ | |
| [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | <code>list&#40;string&#41;</code> | ✓ | |
| [name](variables.tf#L56) | Name of the Secure Web Proxy resource. | <code>string</code> | ✓ | |
| [network](variables.tf#L61) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L125) | Project id of the project that holds the network. | <code>string</code> | ✓ | |
| [region](variables.tf#L130) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L141) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [name](variables.tf#L50) | Name of the Secure Web Proxy resource. | <code>string</code> | ✓ | |
| [network](variables.tf#L55) | Name of the network the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L119) | Project id of the project that holds the network. | <code>string</code> | ✓ | |
| [region](variables.tf#L124) | Region where resources will be created. | <code>string</code> | ✓ | |
| [subnetwork](variables.tf#L135) | Name of the subnetwork the Secure Web Proxy is deployed into. | <code>string</code> | ✓ | |
| [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | <code>bool</code> | | <code>true</code> |
| [description](variables.tf#L38) | Optional description for the SWG. | <code>string</code> | | <code>&#34;Managed by Terraform.&#34;</code> |
| [gateway_security_policy_description](variables.tf#L44) | Optional description for the gateway security policy. | <code>string</code> | | <code>&#34;Managed by Terraform.&#34;</code> |
| [labels](variables.tf#L50) | Resource labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L66) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;object&#40;&#123;&#10; tag &#61; string&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string, &#34;Managed by Terraform.&#34;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; url_lists &#61; optional&#40;map&#40;object&#40;&#123;&#10; url_list &#61; string&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string, &#34;Managed by Terraform.&#34;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; custom &#61; optional&#40;map&#40;object&#40;&#123;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string, &#34;Managed by Terraform.&#34;&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ports](variables.tf#L119) | Ports to use for Secure Web Proxy. | <code>list&#40;number&#41;</code> | | <code>&#91;443&#93;</code> |
| [scope](variables.tf#L135) | Scope determines how configuration across multiple Gateway instances are merged. | <code>string</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L146) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; ca_pool &#61; optional&#40;string, null&#41;&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string, &#34;Managed by Terraform.&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L38) | Optional description for the created resources. | <code>string</code> | | <code>&#34;Managed by Terraform.&#34;</code> |
| [labels](variables.tf#L44) | Resource labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | <code title="object&#40;&#123;&#10; secure_tags &#61; optional&#40;map&#40;object&#40;&#123;&#10; tag &#61; string&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; url_lists &#61; optional&#40;map&#40;object&#40;&#123;&#10; url_list &#61; string&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#10;&#10; custom &#61; optional&#40;map&#40;object&#40;&#123;&#10; session_matcher &#61; optional&#40;string&#41;&#10; application_matcher &#61; optional&#40;string&#41;&#10; priority &#61; number&#10; action &#61; optional&#40;string, &#34;ALLOW&#34;&#41;&#10; enabled &#61; optional&#40;bool, true&#41;&#10; tls_inspection_enabled &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [ports](variables.tf#L113) | Ports to use for Secure Web Proxy. | <code>list&#40;number&#41;</code> | | <code>&#91;443&#93;</code> |
| [scope](variables.tf#L129) | Scope determines how configuration across multiple Gateway instances are merged. | <code>string</code> | | <code>null</code> |
| [tls_inspection_config](variables.tf#L140) | TLS inspection configuration. | <code title="object&#40;&#123;&#10; ca_pool &#61; optional&#40;string, null&#41;&#10; exclude_public_ca_set &#61; optional&#40;bool, false&#41;&#10; description &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |

## Outputs

Expand Down
12 changes: 6 additions & 6 deletions modules/net-vpc-swp/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ resource "google_network_security_gateway_security_policy" "policy" {
project = var.project_id
name = var.name
location = var.region
description = var.gateway_security_policy_description
description = var.description
tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null
}

Expand All @@ -33,7 +33,7 @@ resource "google_network_security_tls_inspection_policy" "tls-policy" {
project = var.project_id
name = var.name
location = var.region
description = var.tls_inspection_config.description
description = var.tls_inspection_config.description != null ? var.tls_inspection_config.description : var.description
skalolazka marked this conversation as resolved.
Show resolved Hide resolved
ca_pool = var.tls_inspection_config.ca_pool
exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set
}
Expand All @@ -44,7 +44,7 @@ resource "google_network_security_gateway_security_policy_rule" "secure_tag_rule
project = var.project_id
name = each.key
location = var.region
description = each.value.description
description = each.value.description != null ? each.value.description : var.description
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
Expand All @@ -63,7 +63,7 @@ resource "google_network_security_url_lists" "url_lists" {
project = var.project_id
name = each.key
location = var.region
description = each.value.description
description = each.value.description != null ? each.value.description : var.description
values = each.value.values
}

Expand All @@ -73,7 +73,7 @@ resource "google_network_security_gateway_security_policy_rule" "url_list_rules"
project = var.project_id
name = each.key
location = var.region
description = each.value.description
description = each.value.description != null ? each.value.description : var.description
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
Expand All @@ -96,7 +96,7 @@ resource "google_network_security_gateway_security_policy_rule" "custom_rules" {
provider = google-beta
name = each.key
location = var.region
description = each.value.description
description = each.value.description != null ? each.value.description : var.description
gateway_security_policy = google_network_security_gateway_security_policy.policy.name
enabled = each.value.enabled
priority = each.value.priority
Expand Down
16 changes: 5 additions & 11 deletions modules/net-vpc-swp/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -36,13 +36,7 @@ variable "delete_swg_autogen_router_on_destroy" {
}

variable "description" {
description = "Optional description for the SWG."
type = string
default = "Managed by Terraform."
}

variable "gateway_security_policy_description" {
description = "Optional description for the gateway security policy."
description = "Optional description for the created resources."
type = string
default = "Managed by Terraform."
}
Expand Down Expand Up @@ -74,7 +68,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
description = optional(string, "Managed by Terraform.")
description = optional(string)
})), {})

url_lists = optional(map(object({
Expand All @@ -86,7 +80,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
description = optional(string, "Managed by Terraform.")
description = optional(string)
})), {})

custom = optional(map(object({
Expand All @@ -96,7 +90,7 @@ variable "policy_rules" {
action = optional(string, "ALLOW")
enabled = optional(bool, true)
tls_inspection_enabled = optional(bool, false)
description = optional(string, "Managed by Terraform.")
description = optional(string)
})), {})
})
validation {
Expand Down Expand Up @@ -148,7 +142,7 @@ variable "tls_inspection_config" {
type = object({
ca_pool = optional(string, null)
exclude_public_ca_set = optional(bool, false)
description = optional(string, "Managed by Terraform.")
description = optional(string)
})
default = null
}