diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3f24825..167b191 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @PaloAltoNetworks/gcp-vmseries-modules-codeowners +* @PaloAltoNetworks/gcp-swfw-modules-codeowners diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 41b3f62..3e5d094 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -1,7 +1,7 @@ name: Bug Report description: Create an issue to help us improve -title: '[Bug Report] ' -assignees: aws-vmseries-modules-codeowners +title: "[Bug Report] " +assignees: gcp-swfw-modules-codeowners body: - type: textarea attributes: @@ -12,7 +12,7 @@ body: - type: input attributes: label: Module Version - description: What is the module version in use (https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/releases)? Please include the commit hash if you're using an unreleased version. + description: What is the module version in use (https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/releases)? Please include the commit hash if you're using an unreleased version. placeholder: eg. v0.4.1 validations: required: true diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index c8bf17a..405cbc9 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -2,7 +2,7 @@ name: Feature request description: Suggest an idea for this project # title: '[Enhancement] ' labels: enhancement -assignees: aws-vmseries-modules-codeowners +assignees: gcp-swfw-modules-codeowners body: - type: textarea attributes: diff --git a/.github/actions/terratest/action.yml b/.github/actions/terratest/action.yml index e84697e..3b5b7fe 100644 --- a/.github/actions/terratest/action.yml +++ b/.github/actions/terratest/action.yml 
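Review bot: In bug_report.yml the new `assignees: gcp-swfw-modules-codeowners` looks like the team slug used in CODEOWNERS (`@PaloAltoNetworks/gcp-swfw-modules-codeowners`), but issue-form `assignees` takes individual GitHub usernames and an issue cannot be assigned to a team. If the value is a team, new reports will probably be created with no assignee and nobody is notified. The same value is set in feature_request.yml. Consider listing maintainer usernames, or dropping `assignees` and relying on labels plus triage.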
@@ -1,11 +1,11 @@ -name: 'Terratest' -description: 'Runs Terratest for a specified path.' +name: "Terratest" +description: "Runs Terratest for a specified path." inputs: tf_version: - description: 'TF version used.' + description: "TF version used." required: true path: - description: 'Path to Terraform module.' + description: "Path to Terraform module." required: true terratest_action: description: The action (name of a test in Terratest) that will be passed to the Makefile's ACTION parameter @@ -20,7 +20,6 @@ inputs: runs: using: "composite" steps: - - name: setup Terraform uses: hashicorp/setup-terraform@v2 with: @@ -30,7 +29,7 @@ runs: - name: setup Go uses: actions/setup-go@v4 with: - go-version: '1.20' + go-version: "1.20" - name: login to GCP uses: google-github-actions/auth@v1 @@ -45,4 +44,4 @@ runs: PRID: ${{ inputs.pr-id }} PROJECT_ID: ${{ env.PROJECT_ID }} shell: bash - run: make $TPATH ACTION=$ACTION \ No newline at end of file + run: make $TPATH ACTION=$ACTION diff --git a/.github/workflows/apply-command.yml b/.github/workflows/apply-command.yml index ea7b85a..94a9967 100644 --- a/.github/workflows/apply-command.yml +++ b/.github/workflows/apply-command.yml @@ -20,12 +20,12 @@ on: description: ID of the PR that triggered this workflow type: string required: true - pr-title: + pr-title: description: Title of the PR that triggered this workflow type: string required: true comment-id: - description: 'The comment-id of the slash command' + description: "The comment-id of the slash command" type: string required: true branch: 
@@ -40,14 +40,14 @@ jobs: contents: read pull-requests: write id-token: write - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/test_command.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/test_command.yml@v2.3 secrets: inherit with: - cloud: azure + cloud: gcp paths: ${{ inputs.paths }} tf_version: ${{ inputs.tf_version }} pr-id: ${{ inputs.pr-id }} comment-id: ${{ inputs.comment-id }} branch: ${{ inputs.branch }} terratest_action: Apply - apply_timeout: 60 \ No newline at end of file + apply_timeout: 60 diff --git a/.github/workflows/idempotence-command.yml b/.github/workflows/idempotence-command.yml index 3c428b1..150e6e6 100644 --- a/.github/workflows/idempotence-command.yml +++ b/.github/workflows/idempotence-command.yml @@ -3,7 +3,7 @@ run-name: "On demand Idempotence test for PR - (#${{ github.event.inputs.pr-id } permissions: contents: read - + concurrency: chatops-apply on: @@ -20,12 +20,12 @@ on: description: ID of the PR that triggered this workflow type: string required: true - pr-title: + pr-title: description: Title of the PR that triggered this workflow type: string required: true comment-id: - description: 'The comment-id of the slash command' + description: "The comment-id of the slash command" type: string required: true branch: @@ -40,14 +40,14 @@ jobs: contents: read pull-requests: write id-token: write - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/test_command.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/test_command.yml@v2.3 secrets: inherit with: - cloud: azure + cloud: gcp paths: ${{ inputs.paths }} tf_version: ${{ inputs.tf_version }} pr-id: ${{ inputs.pr-id }} comment-id: ${{ inputs.comment-id }} branch: ${{ inputs.branch }} terratest_action: Idempotence - apply_timeout: 60 \ No newline at end of file + apply_timeout: 60 
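Review bot: The rewritten `uses:` line in apply-command.yml still references the reusable workflow by the mutable tag `@v2.3`, while the job passes `secrets: inherit` and holds `id-token: write`. Anyone able to move that tag in `terraform-modules-swfw-ci-workflows` would therefore run with this repository's secrets and OIDC identity. Since every reference is being touched in this commit anyway, pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/test_command.yml@<FULL_COMMIT_SHA> # v2.3`. The same applies to the `uses:` lines changed in idempotence-command.yml, plan-command.yml, validate-command.yml, sca-command.yml, pr_ci.yml, release_ci.yml, pre-commit-update.yml and lint_pr_title.yml.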
diff --git a/.github/workflows/lint_pr_title.yml b/.github/workflows/lint_pr_title.yml index 3746572..a3b0977 100644 --- a/.github/workflows/lint_pr_title.yml +++ b/.github/workflows/lint_pr_title.yml @@ -18,4 +18,4 @@ on: jobs: lint_pr_title: name: Lint PR - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/lint_pr_title.yml@v1.3.0 \ No newline at end of file + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/lint_pr_title.yml@v1.3.0 diff --git a/.github/workflows/plan-command.yml b/.github/workflows/plan-command.yml index 7ddf127..294477b 100644 --- a/.github/workflows/plan-command.yml +++ b/.github/workflows/plan-command.yml @@ -20,12 +20,12 @@ on: description: ID of the PR that triggered this workflow type: string required: true - pr-title: + pr-title: description: Title of the PR that triggered this workflow type: string required: true comment-id: - description: 'The comment-id of the slash command' + description: "The comment-id of the slash command" type: string required: true branch: @@ -40,13 +40,13 @@ jobs: contents: read pull-requests: write id-token: write - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/test_command.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/test_command.yml@v2.3 secrets: inherit with: - cloud: azure + cloud: gcp paths: ${{ inputs.paths }} tf_version: ${{ inputs.tf_version }} pr-id: ${{ inputs.pr-id }} comment-id: ${{ inputs.comment-id }} branch: ${{ inputs.branch }} - terratest_action: Plan \ No newline at end of file + terratest_action: Plan diff --git a/.github/workflows/pr_ci.yml b/.github/workflows/pr_ci.yml index 71b0fe4..cc31c91 100644 --- a/.github/workflows/pr_ci.yml +++ b/.github/workflows/pr_ci.yml 
@@ -13,12 +13,12 @@ on: - reopened - synchronize - ready_for_review - branches: ['main'] + branches: ["main"] jobs: pr_ci_wrkflw: name: Run CI - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/pr_ci.yml@v2.2 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/pr_ci.yml@v2.2 if: github.actor != 'dependabot[bot]' secrets: inherit with: @@ -27,4 +27,4 @@ jobs: validate_max_parallel: 20 test_max_parallel: 10 fail_fast: false - terratest_action: Plan # keep in mind that this has to start with capital letter \ No newline at end of file + terratest_action: Plan # keep in mind that this has to start with capital letter diff --git a/.github/workflows/pre-commit-update.yml b/.github/workflows/pre-commit-update.yml index 53f0d49..4cc5629 100644 --- a/.github/workflows/pre-commit-update.yml +++ b/.github/workflows/pre-commit-update.yml @@ -8,18 +8,18 @@ permissions: on: workflow_dispatch: schedule: - - cron: 0 1 1 * * # 1am of every 1st day of every month + - cron: 0 1 1 * * # 1am of every 1st day of every month jobs: update: name: "Update Pre-Commit dependencies" - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/_pre-commit-update.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/_pre-commit-update.yml@v2.3 pre-commit: name: Run Pre-Commit with the udpated config needs: [update] if: needs.update.outputs.pr_operation == 'created' || needs.update.outputs.pr_operation == 'updated' - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/_pre_commit.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/_pre_commit.yml@v2.3 with: pre-commit-hooks: terraform_fmt terraform_docs terraform_tflint checkov branch: pre-commit-dependencies-update 
@@ -28,7 +28,7 @@ jobs: name: Give comment on the PR if pre-commit failed needs: [pre-commit, update] if: always() && (needs.pre-commit.result == 'failure' || needs.pre-commit.result == 'success') - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/_comment_pr.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/_comment_pr.yml@v2.3 with: pr_number: ${{ needs.update.outputs.pr_number }} - job_result: ${{ needs.pre-commit.result }} \ No newline at end of file + job_result: ${{ needs.pre-commit.result }} diff --git a/.github/workflows/release_ci.yml b/.github/workflows/release_ci.yml index e4f4406..3b17f68 100644 --- a/.github/workflows/release_ci.yml +++ b/.github/workflows/release_ci.yml @@ -1,7 +1,6 @@ name: Release CI run-name: "Continous Release" - permissions: contents: write issues: read @@ -10,18 +9,18 @@ permissions: on: workflow_dispatch: schedule: - - cron: '0 1 * * 4' # this means every Thursday @1am UTC + - cron: "0 1 * * 4" # this means every Thursday @1am UTC concurrency: release jobs: release_wrkflw: name: Do release - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/release_ci.yml@v2.2 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/release_ci.yml@v2.2 secrets: inherit with: cloud: gcp validate_max_parallel: 20 test_max_parallel: 5 fail_fast: false - terratest_action: Idempotence # keep in mind that this has to start with capital letter \ No newline at end of file + terratest_action: Idempotence # keep in mind that this has to start with capital letter diff --git a/.github/workflows/sca-command.yml b/.github/workflows/sca-command.yml index 78d9243..39de707 100644 --- a/.github/workflows/sca-command.yml +++ b/.github/workflows/sca-command.yml 
@@ -11,12 +11,12 @@ on: description: ID of the PR that triggered this workflow type: string required: true - pr-title: + pr-title: description: Title of the PR that triggered this workflow type: string required: true comment-id: - description: 'The comment-id of the slash command' + description: "The comment-id of the slash command" type: string required: true branch: @@ -53,7 +53,7 @@ jobs: needs: init permissions: contents: read - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/_pre_commit.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/_pre_commit.yml@v2.3 secrets: inherit with: pre-commit-hooks: terraform_fmt terraform_docs terraform_tflint checkov @@ -76,4 +76,4 @@ jobs: body: | > Job result: ${{ needs.test.result == 'success' && 'SUCCESS' || 'FAILURE' }} reactions: ${{ needs.test.result == 'success' && '+1' || '-1' }} - reactions-edit-mode: replace \ No newline at end of file + reactions-edit-mode: replace diff --git a/.github/workflows/validate-command.yml b/.github/workflows/validate-command.yml index 4233716..700a653 100644 --- a/.github/workflows/validate-command.yml +++ b/.github/workflows/validate-command.yml @@ -18,12 +18,12 @@ on: description: ID of the PR that triggered this workflow type: string required: true - pr-title: + pr-title: description: Title of the PR that triggered this workflow type: string required: true comment-id: - description: 'The comment-id of the slash command' + description: "The comment-id of the slash command" type: string required: true branch: 
@@ -41,13 +41,13 @@ jobs: contents: read pull-requests: write id-token: write - uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/test_command.yml@v2.3 + uses: PaloAltoNetworks/terraform-modules-swfw-ci-workflows/.github/workflows/test_command.yml@v2.3 secrets: inherit with: - cloud: azure + cloud: gcp paths: ${{ inputs.paths }} tf_version: ${{ inputs.tf_version }} pr-id: ${{ inputs.pr-id }} comment-id: ${{ inputs.comment-id }} branch: ${{ inputs.branch }} - terratest_action: Validate \ No newline at end of file + terratest_action: Validate diff --git a/.gitignore b/.gitignore index 677250f..85de1bb 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ # mac specific .DS_Store .ansible -.azure/ +.gcp/ .bash_history # don't check storage creds into GH .boto diff --git a/.releaserc.json b/.releaserc.json index a0ac00a..2f186b9 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -17,7 +17,7 @@ }, { "type": "feat", - "scope" : "MAJOR", + "scope": "MAJOR", "release": "major" } ] 
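Review bot: In the .gitignore hunk, `.gcp/` replaces `.azure/`, but `.gcp/` is not a directory the gcloud CLI writes by default; its credentials and config live under `.config/gcloud/`. If the intent is to keep local cloud credentials out of the repository, as the neighbouring `# don't check storage creds into GH` entry suggests, confirm that the part of the file outside this hunk covers `.config/gcloud/` and downloaded service-account key files, or add them here. Keeping `.azure/` alongside the new entry costs nothing and avoids un-ignoring a credentials directory that may still exist in contributors' checkouts.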
@@ -36,9 +36,9 @@ [ "@semantic-release/github", { - "successComment": ":tada: This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:\n\nThe release is available on [Terraform Registry](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest) and [GitHub release](../releases/tag/v${nextRelease.version})\n\n> Posted by [semantic-release](https://github.com/semantic-release/semantic-release) bot" + "successComment": ":tada: This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:\n\nThe release is available on [Terraform Registry](https://registry.terraform.io/modules/PaloAltoNetworks/swfw-modules/google/latest) and [GitHub release](../releases/tag/v${nextRelease.version})\n\n> Posted by [semantic-release](https://github.com/semantic-release/semantic-release) bot" } ] ], "preset": "conventionalcommits" -} +} \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5b805dc..cd70499 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
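Review bot: The last line of .releaserc.json changes from `}` with a trailing newline to `}` followed by `\ No newline at end of file`, the opposite of what every workflow file in this commit does. Restore the final newline so the file stays consistent with the rest of the change and is not flagged again by an end-of-file fixer or formatter.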
@@ -16,18 +16,18 @@ Contributions are welcome across the entire project: ### New Contributors -1. Search the [issues](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules.git/issues) to see if there is an existing issue. If not, please open one. +1. Search the [issues](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules.git/issues) to see if there is an existing issue. If not, please open one. 1. Fork the repository to your personal namespace (only needed to do this once). 1. Clone the repo from your personal namespace. - `git clone https://github.com/{username}/terraform-google-vmseries-modules.git` + `git clone https://github.com/{username}/terraform-google-swfw-modules.git` Ensure that `{username}` is _your_ user name. 1. Add the source repository as an upsteam. - `git remote add upstream https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules.git` + `git remote add upstream https://github.com/PaloAltoNetworks/terraform-google-swfw-modules.git` 1. Create a branch which corresponds to the issue ID created in step 1. @@ -55,7 +55,7 @@ Contributions are welcome across the entire project: ### Existing Contributors -1. Search the [issues](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules.git/issues) to see if there is an existing issue. If not, open an issue (note the issue ID). +1. Search the [issues](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules.git/issues) to see if there is an existing issue. If not, open an issue (note the issue ID). 1. Update from the source repository. `git pull upstream dev` diff --git a/README.md b/README.md index c2249de..88abfea 100644 --- a/README.md +++ b/README.md 
@@ -1,18 +1,17 @@ -![GitHub release (latest by date)](https://img.shields.io/github/v/release/PaloAltoNetworks/terraform-google-vmseries-modules?style=flat-square) -![GitHub](https://img.shields.io/github/license/PaloAltoNetworks/terraform-modules-vmseries-ci-workflows?style=flat-square) -![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/PaloAltoNetworks/terraform-google-vmseries-modules/release_ci.yml?style=flat-square) -![GitHub issues](https://img.shields.io/github/issues/PaloAltoNetworks/terraform-google-vmseries-modules?style=flat-square) -![GitHub pull requests](https://img.shields.io/github/issues-pr/PaloAltoNetworks/terraform-google-vmseries-modules?style=flat-square) -![Terraform registry downloads total](https://img.shields.io/badge/dynamic/json?color=green&label=downloads%20total&query=data.attributes.total&url=https%3A%2F%2Fregistry.terraform.io%2Fv2%2Fmodules%2FPaloAltoNetworks%2Fvmseries-modules%2Fgoogle%2Fdownloads%2Fsummary&style=flat-square) -![Terraform registry download month](https://img.shields.io/badge/dynamic/json?color=green&label=downloads%20this%20month&query=data.attributes.month&url=https%3A%2F%2Fregistry.terraform.io%2Fv2%2Fmodules%2FPaloAltoNetworks%2Fvmseries-modules%2Fgoogle%2Fdownloads%2Fsummary&style=flat-square) +![GitHub release (latest by date)](https://img.shields.io/github/v/release/PaloAltoNetworks/terraform-google-swfw-modules?style=flat-square) +![GitHub](https://img.shields.io/github/license/PaloAltoNetworks/terraform-modules-swfw-ci-workflows?style=flat-square) +![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/PaloAltoNetworks/terraform-google-swfw-modules/release_ci.yml?style=flat-square) +![GitHub issues](https://img.shields.io/github/issues/PaloAltoNetworks/terraform-google-swfw-modules?style=flat-square) +![GitHub pull requests](https://img.shields.io/github/issues-pr/PaloAltoNetworks/terraform-google-swfw-modules?style=flat-square) +![Terraform registry 
downloads total](https://img.shields.io/badge/dynamic/json?color=green&label=downloads%20total&query=data.attributes.total&url=https%3A%2F%2Fregistry.terraform.io%2Fv2%2Fmodules%2FPaloAltoNetworks%2Fswfw-modules%2Fgoogle%2Fdownloads%2Fsummary&style=flat-square) +![Terraform registry download month](https://img.shields.io/badge/dynamic/json?color=green&label=downloads%20this%20month&query=data.attributes.month&url=https%3A%2F%2Fregistry.terraform.io%2Fv2%2Fmodules%2FPaloAltoNetworks%2Fswfw-modules%2Fgoogle%2Fdownloads%2Fsummary&style=flat-square) -# Terraform Modules for Palo Alto Networks VM-Series on Google Cloud Platform +# Terraform Modules for Palo Alto Networks Software Firewalls on Google Cloud Platform ## Overview -A set of modules for using **Palo Alto Networks VM-Series firewalls** to provide control and protection -to your applications running on Google Cloud Platform (GCP). It deploys VM-Series as virtual machine -instances and it configures aspects such as Shared VPC connectivity, IAM access, Service Accounts, Panorama virtual +A set of modules for using **Palo Alto Networks Software Firewalls** to provide control and protection +to your applications running on Google Cloud Platform (GCP). It deploys Software Firewalls and it configures aspects such as Shared VPC connectivity, IAM access, Service Accounts, Panorama virtual machine instances, and more. The design is heavily based on the [Reference Architecture Guide for Google Cloud Platform](https://pandocs.tech/fw/160p-prime). 
@@ -40,11 +39,11 @@ We are maintaining a [public roadmap](https://github.com/orgs/PaloAltoNetworks/p ## Versioning These modules follow the principles of [Semantic Versioning](http://semver.org/). You can find each new release, -along with the changelog, on the GitHub [Releases](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/releases) page. +along with the changelog, on the GitHub [Releases](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/releases) page. ## Getting Help -[Open an issue](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/issues) on Github. +[Open an issue](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/issues) on Github. ## Contributing diff --git a/examples/multi_nic_common/README.md b/examples/multi_nic_common/README.md index 29be2ee..b8ee7b5 100644 --- a/examples/multi_nic_common/README.md +++ b/examples/multi_nic_common/README.md 
@@ -5,7 +5,7 @@ show_in_hub: false The common firewall option leverages a single set of VM-Series firewalls. The sole set of firewalls operates as a shared resource and may present scale limitations with all traffic flowing through a single set of firewalls due to the performance degradation that occurs when traffic crosses virtual routers. This option is suitable for proof-of-concepts and smaller scale deployments because the number of firewalls is low. However, the technical integration complexity is high. -![VM-Series-Multi-NIC-Common-Firewall-Option](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/43091730/ff652bc1-977c-4f83-aeb0-641b46f38c4c) +![VM-Series-Multi-NIC-Common-Firewall-Option](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/017aad21-46c8-4030-853a-f32096da754c) The scope of this code is to deploy an example of the [VM-Series Common Firewall Option](https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-architecture-guide#Design%20Model) but with a slight modification in the architecture - the VM-Series is directly connected to the spoke VPCs. There are some advantages to this architecture from a routing perspective but there is also a limitation related to the [maximum number of NICs on the VM-Series](https://cloud.google.com/vpc/docs/create-use-multiple-interfaces#max-interfaces) within GCP. @@ -36,8 +36,8 @@ The following steps should be followed before deploying the Terraform code prese 2. Clone the repository: ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/multi_nic_common +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/multi_nic_common ``` 3. Copy the `example.tfvars` to `terraform.tfvars`. 
@@ -206,19 +206,19 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.<br><br>Example of varaible deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> vpc_network_key = "fw-spoke1-vpc"<br> subnetwork_key = "fw-spoke1-sub"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `map(any)` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. 
| `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. 
| `any` | `{}` | no | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP 
address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `any` | `{}` | no | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | ### Outputs diff --git a/examples/multi_nic_common/main_test.go b/examples/multi_nic_common/main_test.go index c482b1f..d85d31f 100644 --- a/examples/multi_nic_common/main_test.go +++ b/examples/multi_nic_common/main_test.go @@ -1,10 +1,10 @@ package multi_nic_common import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) { assertList := []testskeleton.AssertExpression{} // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList) -} \ No newline at end of file +} 
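Review bot: The import on the new side of the first hunk of examples/multi_nic_common/main_test.go, `github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton`, is a different module path from the one it replaces, and nothing visible here shows go.mod or go.sum changing with it. Go checks the import path against the module path declared in the dependency's own go.mod, so a repository redirect from the old name would presumably not be enough for the tests to build. Please confirm the commit also carries a pinned entry such as `require github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton <tagged-version>` together with the regenerated go.sum checksums, so the test dependency is fetched at a verified version. The same import change appears in examples/panorama_standalone/main_test.go and examples/standalone_vmseries_with_metadata_bootstrap/main_test.go.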
diff --git a/examples/multi_nic_common/variables.tf b/examples/multi_nic_common/variables.tf index 0cfce60..cc93431 100644 --- a/examples/multi_nic_common/variables.tf +++ b/examples/multi_nic_common/variables.tf @@ -37,7 +37,7 @@ variable "service_accounts" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs) Multiple keys can be added and will be deployed by the code. @@ -64,7 +64,7 @@ variable "bootstrap_buckets" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs) Multiple keys can be added and will be deployed by the code. @@ -110,7 +110,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code. EOF 
@@ -142,7 +142,7 @@ variable "vpc_peerings" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -267,7 +267,7 @@ variable "vmseries" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs) The bootstrap_template_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs. Multiple keys can be added and will be deployed by the code. @@ -297,7 +297,7 @@ variable "lbs_internal" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs) Multiple keys can be added and will be deployed by the code. EOF 
@@ -325,7 +325,7 @@ variable "lbs_external" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -364,4 +364,4 @@ variable "linux_vms" { EOF type = map(any) default = {} -} \ No newline at end of file +} diff --git a/examples/panorama_standalone/README.md b/examples/panorama_standalone/README.md index 1ced5af..7ab1a9e 100644 --- a/examples/panorama_standalone/README.md +++ b/examples/panorama_standalone/README.md @@ -5,7 +5,7 @@ show_in_hub: true --- # Palo Alto Panorama deployment example -The scope of this code is to deploy one or more vpc networks and subnetworks along with one or more panorama instances in a single project and region in Google Cloud. The example deploys panorama to be used in management only mode (without additional logging disks). For option on how to add additional logging disks - please refer to panorama [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/panorama#inputs) +The scope of this code is to deploy one or more vpc networks and subnetworks along with one or more panorama instances in a single project and region in Google Cloud. The example deploys panorama to be used in management only mode (without additional logging disks). For option on how to add additional logging disks - please refer to panorama [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/panorama#inputs) ## Topology 
@@ -15,7 +15,8 @@ The topology consists of : - A panorama instance with a Public IP address attached to the created vpc network and subnetwork - Firewall rules that allow access to the panorama management interface -![panorama-topology](https://user-images.githubusercontent.com/43091730/230029801-3acea62e-aa3d-46f3-b638-6b09bf5ef35e.png) +![panorama-topology](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/83826156-689e-4808-83b5-53aa79efb5a4) + ## Prerequisites @@ -30,8 +31,8 @@ The topology consists of : 2. Clone the repository and fill out any modifications to tfvars file (`example.tfvars` - at least `project`, `ssh_keys` and `source_ranges` should be filled in for successful deployment and access to the instance after deployment) ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/panorama +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/panorama ``` 3. Apply the terraform code 
@@ -110,8 +111,8 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings | `string` | `""` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> "panorama-vpc" = {<br> vpc_name = "firewall-vpc"<br> create_network = true<br> delete_default_routes_on_create = "false"<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> "panorama-sub" = {<br> name = "panorama-subnet"<br> create_subnetwork = true<br> ip_cidr_range = "172.21.21.0/24"<br> region = "us-central1"<br> }<br> }<br> firewall_rules = {<br> "allow-panorama-ingress" = {<br> name = "panorama-mgmt"<br> source_ranges = ["1.1.1.1/32", "2.2.2.2/32"]<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code | `any` | n/a | yes | -| <a name="input_panoramas"></a> [panoramas](#input\_panoramas) | A map containing each panorama setting.<br><br>Example of variable deployment :<pre>panoramas = {<br> "panorama-01" = {<br> panorama_name = "panorama-01"<br> panorama_vpc = "panorama-vpc"<br> panorama_subnet = "panorama-subnet"<br> panorama_version = "panorama-byol-1000"<br> ssh_keys = "admin:PUBLIC-KEY"<br> attach_public_ip = true<br> private_static_ip = "172.21.21.2"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/panorama#inputs)<br><br>Multiple keys can be added and will be 
deployed by the code | `any` | n/a | yes | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> "panorama-vpc" = {<br> vpc_name = "firewall-vpc"<br> create_network = true<br> delete_default_routes_on_create = "false"<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> "panorama-sub" = {<br> name = "panorama-subnet"<br> create_subnetwork = true<br> ip_cidr_range = "172.21.21.0/24"<br> region = "us-central1"<br> }<br> }<br> firewall_rules = {<br> "allow-panorama-ingress" = {<br> name = "panorama-mgmt"<br> source_ranges = ["1.1.1.1/32", "2.2.2.2/32"]<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code | `any` | n/a | yes | +| <a name="input_panoramas"></a> [panoramas](#input\_panoramas) | A map containing each panorama setting.<br><br>Example of variable deployment :<pre>panoramas = {<br> "panorama-01" = {<br> panorama_name = "panorama-01"<br> panorama_vpc = "panorama-vpc"<br> panorama_subnet = "panorama-subnet"<br> panorama_version = "panorama-byol-1000"<br> ssh_keys = "admin:PUBLIC-KEY"<br> attach_public_ip = true<br> private_static_ip = "172.21.21.2"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/panorama#inputs)<br><br>Multiple keys can be added and will be deployed by the code | `any` | n/a | yes | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. 
| `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to | `string` | `"us-central1"` | no | diff --git a/examples/panorama_standalone/main_test.go b/examples/panorama_standalone/main_test.go index b91cedb..6b4fed9 100644 --- a/examples/panorama_standalone/main_test.go +++ b/examples/panorama_standalone/main_test.go @@ -1,10 +1,10 @@ package panorama_standalone import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) { assertList := []testskeleton.AssertExpression{} // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList) -} \ No newline at end of file +} diff --git a/examples/panorama_standalone/variables.tf b/examples/panorama_standalone/variables.tf index 193f2a5..be0ac3a 100644 --- a/examples/panorama_standalone/variables.tf +++ b/examples/panorama_standalone/variables.tf @@ -50,7 +50,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code EOF 
@@ -77,7 +77,7 @@ variable "panoramas" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/panorama#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/panorama#inputs) Multiple keys can be added and will be deployed by the code EOF diff --git a/examples/standalone_vmseries_with_metadata_bootstrap/README.md b/examples/standalone_vmseries_with_metadata_bootstrap/README.md index f163554..865f9c8 100644 --- a/examples/standalone_vmseries_with_metadata_bootstrap/README.md +++ b/examples/standalone_vmseries_with_metadata_bootstrap/README.md 
@@ -35,9 +35,9 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings | `string` | `""` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> "vmseries-vpc" = {<br> vpc_name = "firewall-vpc"<br> create_network = true<br> delete_default_routes_on_create = "false"<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> "vmseries-sub" = {<br> name = "vmseries-subnet"<br> create_subnetwork = true<br> ip_cidr_range = "172.21.21.0/24"<br> region = "us-central1"<br> }<br> }<br> firewall_rules = {<br> "allow-vmseries-ingress" = {<br> name = "vmseries-mgmt"<br> source_ranges = ["1.1.1.1/32", "2.2.2.2/32"]<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code | `any` | n/a | yes | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> "vmseries-vpc" = {<br> vpc_name = "firewall-vpc"<br> create_network = true<br> delete_default_routes_on_create = "false"<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> "vmseries-sub" = {<br> name = "vmseries-subnet"<br> create_subnetwork = true<br> ip_cidr_range = "172.21.21.0/24"<br> region = "us-central1"<br> }<br> }<br> firewall_rules = {<br> "allow-vmseries-ingress" = {<br> name = "vmseries-mgmt"<br> source_ranges = ["1.1.1.1/32", "2.2.2.2/32"]<br> priority = "1000"<br> allowed_protocol = "all"<br> 
allowed_ports = []<br> }<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code | `any` | n/a | yes | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | -| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-central1-b"<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> ssh_keys = "admin:<YOUR_SSH_KEY>"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_options = {<br> panorama-server = "1.1.1.1" # Modify this value as per deployment requirements<br> dns-primary = "8.8.8.8" # Modify this value as per deployment requirements<br> dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "vmseries-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> }<br> ]<br> }<br> }</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-central1-b"<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> ssh_keys = "admin:<YOUR_SSH_KEY>"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_options = {<br> panorama-server = "1.1.1.1" # Modify this value as per deployment requirements<br> dns-primary = "8.8.8.8" # Modify this value as per deployment requirements<br> dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "vmseries-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> }<br> ]<br> }<br> }</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the 
bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `map` | `{}` | no | ### Outputs diff --git a/examples/standalone_vmseries_with_metadata_bootstrap/main_test.go b/examples/standalone_vmseries_with_metadata_bootstrap/main_test.go index 7c48a62..43e5928 100644 --- a/examples/standalone_vmseries_with_metadata_bootstrap/main_test.go +++ b/examples/standalone_vmseries_with_metadata_bootstrap/main_test.go @@ -1,10 +1,10 @@ package standalone_vmseries_with_metadata_bootstrap import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -21,8 +21,8 @@ func CreateTerraformOptions(t *testing.T) *terraform.Options { TerraformDir: ".", VarFiles: []string{"example.tfvars"}, Vars: map[string]interface{}{ - "name_prefix": varsInfo.NamePrefix, - "project": varsInfo.GoogleProjectId, + "name_prefix": varsInfo.NamePrefix, + "project": varsInfo.GoogleProjectId, }, Logger: logger.Default, Lock: true, 
@@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) { assertList := []testskeleton.AssertExpression{} // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList) -} \ No newline at end of file +} diff --git a/examples/standalone_vmseries_with_metadata_bootstrap/variables.tf b/examples/standalone_vmseries_with_metadata_bootstrap/variables.tf index f56533e..3d1fce0 100644 --- a/examples/standalone_vmseries_with_metadata_bootstrap/variables.tf +++ b/examples/standalone_vmseries_with_metadata_bootstrap/variables.tf @@ -45,7 +45,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code EOF @@ -100,7 +100,7 @@ variable "vmseries" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs) The bootstrap_template_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs. Multiple keys can be added and will be deployed by the code. 
@@ -131,4 +131,4 @@ variable "vmseries_common" { Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). EOF default = {} -} \ No newline at end of file +} diff --git a/examples/vmseries_ha/README.md b/examples/vmseries_ha/README.md index 924961c..cdb8a82 100644 --- a/examples/vmseries_ha/README.md +++ b/examples/vmseries_ha/README.md @@ -10,7 +10,8 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew ## Reference Architecture Design -![simple](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/6574404/942d7e0a-eafb-42fb-ba53-6fefedb4b69d) +![simple](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/9530fc51-7267-4b74-a996-a522b97f0996) + This code implements: - a _centralized design_, a hub-and-spoke topology with a shared VPC containing VM-Series deployed in high availability to inspect all inbound, outbound, east-west, and enterprise traffic 
@@ -27,7 +28,8 @@ This design model integrates multiple methods to interconnect and control your a The common firewall option wiht High Availability leverages a single set of VM-Series firewalls that acts as a single entity. The sole set of firewalls operates as a shared resource and may present scale limitations with all traffic flowing through a single set of firewalls due to the performance degradation that occurs when traffic crosses virtual routers. This option is suitable for proof-of-concepts and smaller scale deployments because the number of firewalls is low. However, the technical integration complexity is high. -![VM-Series-Common-Firewall-Option-with-HA](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/43091730/7690846b-2aad-4045-913c-8a5cdb80b16b) +![VM-Series-Common-Firewall-Option-with-HA](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/549bda0d-a6b8-426b-8480-0c7cf56cc81e) + The scope of this code is to deploy an example of the [VM-Series Common Firewall Option](https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-architecture-guide#Design%20Model) architecture with [high availability configuration](https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/about-the-vm-series-firewall/vm-series-in-high-availability) within a GCP project. @@ -60,8 +62,8 @@ The following steps should be followed before deploying the Terraform code prese 2. Clone the repository: ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/vmseries_ha +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/vmseries_ha ``` 3. Copy the `example.tfvars` to `terraform.tfvars`. 
@@ -258,19 +260,19 @@ Check the succesful inbound and outbound traffic fail-over to and from the spoke | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.<br><br>Example of varaible deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> vpc_network_key = "fw-spoke1-vpc"<br> subnetwork_key = "fw-spoke1-sub"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `any` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. 
| `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. 
| `any` | n/a | yes | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP 
address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `any` | n/a | yes | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no |
+| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |
 ### Outputs
diff --git a/examples/vmseries_ha/main_test.go b/examples/vmseries_ha/main_test.go
index ab61988..6e71a5b 100644
--- a/examples/vmseries_ha/main_test.go
+++ b/examples/vmseries_ha/main_test.go
@@ -1,10 +1,10 @@
 package vmseries_ha
 import (
- "testing"
 "log"
+ "testing"
- "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton"
+ "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton"
 "github.com/gruntwork-io/terratest/modules/logger"
 "github.com/gruntwork-io/terratest/modules/terraform"
 )
@@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) {
 assertList := []testskeleton.AssertExpression{}
 // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment
 testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList)
-}
\ No newline at end of file
+}
diff --git a/examples/vmseries_ha/variables.tf b/examples/vmseries_ha/variables.tf
index 1d391aa..b918c55 100644
--- a/examples/vmseries_ha/variables.tf
+++ b/examples/vmseries_ha/variables.tf
@@ -37,7 +37,7 @@ variable "service_accounts" {
 }
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)
 Multiple keys can be added and will be deployed by the code.
@@ -64,7 +64,7 @@ variable "bootstrap_buckets" {
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs)
 Multiple keys can be added and will be deployed by the code.
@@ -110,7 +110,7 @@ variable "networks" {
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)
 Multiple keys can be added and will be deployed by the code.
 EOF
@@ -140,7 +140,7 @@ variable "vpc_peerings" {
 }
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)
 Multiple keys can be added and will be deployed by the code.
 EOF
@@ -263,7 +263,7 @@ variable "vmseries" {
 }
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)
 The bootstrap_template_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.
 Multiple keys can be added and will be deployed by the code.
@@ -291,7 +291,7 @@ variable "lbs_internal" {
 }
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)
 Multiple keys can be added and will be deployed by the code.
 EOF
@@ -319,7 +319,7 @@ variable "lbs_external" {
 }
 }
 ```
- For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)
+ For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)
 Multiple keys can be added and will be deployed by the code.
 EOF
@@ -358,4 +358,4 @@ variable "linux_vms" {
 EOF
 type = any
 default = {}
-}
\ No newline at end of file
+}
diff --git a/examples/vpc_peering_common/README.md b/examples/vpc_peering_common/README.md
index 2ebc164..3a9673a 100644
--- a/examples/vpc_peering_common/README.md
+++ b/examples/vpc_peering_common/README.md
@@ -10,7 +10,7 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew
 ## Reference Architecture Design
-![simple](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/6574404/942d7e0a-eafb-42fb-ba53-6fefedb4b69d)
+![simple](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/9530fc51-7267-4b74-a996-a522b97f0996)
 This code implements:
 - a _centralized design_, a hub-and-spoke topology with a shared VPC containing VM-Series to inspect all inbound, outbound, east-west, and enterprise traffic
@@ -27,7 +27,8 @@ This design model integrates multiple methods to interconnect and control your a
 The common firewall option leverages a single set of VM-Series firewalls. The sole set of firewalls operates as a shared resource and may present scale limitations with all traffic flowing through a single set of firewalls due to the performance degradation that occurs when traffic crosses virtual routers. This option is suitable for proof-of-concepts and smaller scale deployments because the number of firewalls is low. However, the technical integration complexity is high.
-![VM-Series-Common-Firewall-Option](https://user-images.githubusercontent.com/43091730/232486760-a8f6f1f2-6c46-44ed-9842-3afa2fb2309f.png)
+![VM-Series-Common-Firewall-Option](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/8ed0d553-469c-49e0-9b59-9c025e5ec3db)
+
 The scope of this code is to deploy an example of the [VM-Series Common Firewall Option](https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-architecture-guide#Design%20Model) architecture within a GCP project.
@@ -59,8 +60,8 @@ The following steps should be followed before deploying the Terraform code prese
 2. Clone the repository:
 ```
-git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules
-cd terraform-google-vmseries-modules/examples/vpc-peering-common
+git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules
+cd terraform-google-swfw-modules/examples/vpc-peering-common
 ```
 3. Copy the `example.tfvars` to `terraform.tfvars`.
@@ -223,19 +224,19 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.<br><br>Example of varaible deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> vpc_network_key = "fw-spoke1-vpc"<br> subnetwork_key = "fw-spoke1-sub"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `map(any)` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. 
| `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. 
| `any` | n/a | yes | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP 
address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAAABBBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `any` | n/a | yes | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | ### Outputs diff --git a/examples/vpc_peering_common/main_test.go b/examples/vpc_peering_common/main_test.go index 1c47bbc..c3f07e8 100644 --- a/examples/vpc_peering_common/main_test.go +++ b/examples/vpc_peering_common/main_test.go @@ -1,10 +1,10 @@ package vpc_peering_common import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) { assertList := []testskeleton.AssertExpression{} // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList) -} \ No newline at end of file +} 
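Review bot: The `testskeleton` import in `examples/vpc_peering_common/main_test.go` now points at a different module path, `github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton`, and this part of the diff shows no matching `go.mod` `require` line or `go.sum` entries. Go checks an import path against the `module` directive of the dependency it downloads, so the tests will presumably build only if the skeleton repository has released a version declaring the new path and that version is pinned here. Please confirm `go.mod` and `go.sum` change in the same commit, so the dependency stays checksummed under its new name rather than resolving through the forge's redirect from the old repository name. The same import change appears in `examples/vpc_peering_common_with_autoscale/main_test.go`.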
diff --git a/examples/vpc_peering_common/variables.tf b/examples/vpc_peering_common/variables.tf index fefef8e..43ae113 100644 --- a/examples/vpc_peering_common/variables.tf +++ b/examples/vpc_peering_common/variables.tf @@ -37,7 +37,7 @@ variable "service_accounts" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs) Multiple keys can be added and will be deployed by the code. @@ -64,7 +64,7 @@ variable "bootstrap_buckets" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs) Multiple keys can be added and will be deployed by the code. @@ -110,7 +110,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code. EOF 
@@ -140,7 +140,7 @@ variable "vpc_peerings" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -263,7 +263,7 @@ variable "vmseries" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs) The bootstrap_template_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs. Multiple keys can be added and will be deployed by the code. @@ -291,7 +291,7 @@ variable "lbs_internal" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs) Multiple keys can be added and will be deployed by the code. EOF 
@@ -319,7 +319,7 @@ variable "lbs_external" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -358,4 +358,4 @@ variable "linux_vms" { EOF type = map(any) default = {} -} \ No newline at end of file +} diff --git a/examples/vpc_peering_common_with_autoscale/README.md b/examples/vpc_peering_common_with_autoscale/README.md index 9eac31e..9885f98 100644 --- a/examples/vpc_peering_common_with_autoscale/README.md +++ b/examples/vpc_peering_common_with_autoscale/README.md 
@@ -17,7 +17,7 @@ This design model integrates multiple methods to interconnect and control your a The common firewall option with autoscaling leverages a single set autoscale group of VM-Series firewalls. Compared to the standard common firewall option - the autoscaling solved the issue of resource bottleneck given by a single set of firewalls, being able to scale horizontally based on configurable metrics. -![VM-Series-Common-Firewall-Option-With-Autoscaling](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/43091730/ca675535-d8d9-44f1-af75-2558afa4621d) +![VM-Series-Common-Firewall-Option-With-Autoscaling](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/b4112be1-4189-4197-85e8-0154a3665c05) The scope of this code is to deploy an example of the [VM-Series Common Firewall Option](https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-architecture-guide#Design%20Model) architecture within a GCP project, but using an autoscaling group of instances instead of a single pair of firewall. @@ -49,8 +49,8 @@ The following steps should be followed before deploying the Terraform code prese 2. Clone the repository: ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/vpc_peering_common_with_autoscale +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/vpc_peering_common_with_autoscale ``` 3. Copy the `example.tfvars` to `terraform.tfvars`. 
@@ -192,16 +192,16 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | <a name="input_autoscale"></a> [autoscale](#input\_autoscale) | A map containing each vmseries autoscale setting.<br>Zonal or regional managed instance group type is controolled from the `autoscale_regional_mig` variable for all autoscale instances.<br><br>Example of variable deployment :<pre>autoscale = {<br> fw-autoscale-common = {<br> name = "fw-autoscale-common"<br> zones = {<br> zone1 = "us-east4-b"<br> zone2 = "us-east4-c"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> service_account_key = "sa-vmseries-01"<br> min_vmseries_replicas = 2<br> max_vmseries_replicas = 4<br> create_pubsub_topic = true<br> autoscaler_metrics = {<br> "custom.googleapis.com/VMSeries/panSessionUtilization" = {<br> target = 70<br> }<br> "custom.googleapis.com/VMSeries/panSessionThroughputKbps" = {<br> target = 700000<br> }<br> }<br> bootstrap_options = {<br> type = "dhcp-client"<br> dhcp-send-hostname = "yes"<br> dhcp-send-client-id = "yes"<br> dhcp-accept-server-hostname = "yes"<br> dhcp-accept-server-domain = "yes"<br> mgmt-interface-swap = "enable"<br> panorama-server = "1.1.1.1"<br> ssh-keys = "admin:<your_ssh_key>" # Replace this value with client data<br> }<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> }<br> ]<br> }<br>}</pre> | `any` | `{}` | no | | <a name="input_autoscale_common"></a> [autoscale\_common](#input\_autoscale\_common) | A map containing common vmseries autoscale setting.<br>Bootstrap options can be moved between vmseries autoscale individual instances variable (`autoscale`) and this common 
vmseries autoscale variable (`autoscale_common`).<br><br>Example of variable deployment :<pre>autoscale_common = {<br> image = "vmseries-flex-byol-1110"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> disk_type = "pd-ssd"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> tags = ["vmseries-autoscale"]<br> update_policy_type = "OPPORTUNISTIC"<br> cooldown_period = 480<br> bootstrap_options = [<br> panorama_server = "1.1.1.1"<br> ]<br>}</pre> | `any` | `{}` | no | | <a name="input_autoscale_regional_mig"></a> [autoscale\_regional\_mig](#input\_autoscale\_regional\_mig) | Sets the managed instance group type to either a regional (if `true`) or a zonal (if `false`).<br>For more information please see [About regional MIGs](https://cloud.google.com/compute/docs/instance-groups/regional-migs#why_choose_regional_managed_instance_groups). | `bool` | `true` | no | -| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br>Note : private IP reservation is not by default within the example as it may overlap with autoscale IP allocation.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br>Note : private IP reservation is not by default within the example as it may overlap with autoscale IP allocation.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.<br><br>Example of varaible deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> vpc_network_key = "fw-spoke1-vpc"<br> subnetwork_key = "fw-spoke1-sub"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `map(any)` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. 
| `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. 
| `any` | `{}` | no | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | ### Outputs diff --git a/examples/vpc_peering_common_with_autoscale/main_test.go b/examples/vpc_peering_common_with_autoscale/main_test.go index 9e6dbfa..5e9ca08 100644 
--- a/examples/vpc_peering_common_with_autoscale/main_test.go +++ b/examples/vpc_peering_common_with_autoscale/main_test.go @@ -1,10 +1,10 @@ package vpc_peering_common_with_autoscale import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) diff --git a/examples/vpc_peering_common_with_autoscale/variables.tf b/examples/vpc_peering_common_with_autoscale/variables.tf index d3089ea..faccd9b 100644 --- a/examples/vpc_peering_common_with_autoscale/variables.tf +++ b/examples/vpc_peering_common_with_autoscale/variables.tf @@ -37,7 +37,7 @@ variable "service_accounts" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs) Multiple keys can be added and will be deployed by the code. @@ -83,7 +83,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code. EOF 
@@ -115,7 +115,7 @@ variable "vpc_peerings" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -279,7 +279,7 @@ variable "lbs_internal" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -307,7 +307,7 @@ variable "lbs_external" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs) Multiple keys can be added and will be deployed by the code. EOF diff --git a/examples/vpc_peering_common_with_network_tags/README.md b/examples/vpc_peering_common_with_network_tags/README.md index 9522645..7e9d975 100644 --- a/examples/vpc_peering_common_with_network_tags/README.md +++ b/examples/vpc_peering_common_with_network_tags/README.md 
@@ -21,7 +21,7 @@ With default variable values the topology consists of : - two external regional network loadbalancer (for inbound traffic) - two static routes with intance tag based on each region -![vpc-peering-network-tags](https://user-images.githubusercontent.com/43091730/234361631-651c0eaa-fb4c-46dd-b654-ddb1c5a600f0.png) +![vpc-peering-network-tags](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/c2ba14e7-9895-48f1-b00d-766f11e0e5e8) ### Traffic flows details @@ -43,8 +43,8 @@ With default variable values the topology consists of : 2. Clone the repository: ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/vpc-peering-common-with-network-tags +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/vpc-peering-common-with-network-tags ``` 3. Fill out any modifications to `example.tfvars` file - at least `project`, `ssh_keys` and `source_ranges` should be modified for successful deployment and access to the instance. There is also a few variables that have some default values but which should also be changed as per deployment requirements : 
@@ -242,18 +242,18 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting .<br><br>Example of variable deployment :<pre>lbs_external_region_1 = {<br> external-lb-region-1 = {<br> name = "external-lb"<br> region = "us-east1"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> all-ports-region-1 = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting .<br><br>Example of variable deployment :<pre>lbs_internal = {<br> internal-lb-region-1 = {<br> name = "internal-lb"<br> region = "us-east1"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub-region-1"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting .<br><br>Example of variable deployment :<pre>lbs_external_region_1 = {<br> external-lb-region-1 = {<br> name = "external-lb"<br> region = "us-east1"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> all-ports-region-1 = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting .<br><br>Example of variable deployment :<pre>lbs_internal = {<br> internal-lb-region-1 = {<br> name = "internal-lb"<br> region = "us-east1"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub-region-1"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration in region\_1 that will be placed in spoke VPC network for testing purposes.<br><br>Example of varaible deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> region = "us-east1"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> vpc_network_key = "fw-spoke1-vpc"<br> subnetwork_key = "fw-spoke1-sub-region-1"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `map(any)` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. 
| `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. 
| `any` | n/a | yes | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. 
Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> fw-default-trust-region-1 = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-spoke1-vpc"<br> lb_internal_key = "internal-lb-region-1"<br> region = "us-east1"<br> tags = ["us-east1"]<br> },<br> fw-default-trust-region-2 = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-spoke1-vpc"<br> lb_internal_key = "internal-lb-region-2"<br> region = "us-west1"<br> tags = ["us-west1"]<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting for vmseries instances.<br><br>Example of variable deployment :<pre>vmseries = {<br> fw-vmseries-01 = {<br> name = "fw-vmseries-01"<br> region = "us-east1"<br> zone = "us-east1-b"<br> tags = ["vmseries"]<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1" # Modify this value as per deployment requirements<br> dns-primary = "8.8.8.8" # Modify this value as per deployment requirements<br> dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" # This is placeholder IP - you must replace it on the vmseries config with the LB public IP address (Region-1) after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub-region-1"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub-region-1"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub-region-1"<br> private_ip = "10.10.12.2"<br> }<br> ]<br> }<br>}</pre>For a full list of 
available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting for vmseries instances.<br><br>Example of variable deployment :<pre>vmseries = {<br> fw-vmseries-01 = {<br> name = "fw-vmseries-01"<br> region = "us-east1"<br> zone = "us-east1-b"<br> tags = ["vmseries"]<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1" # Modify this value as per deployment requirements<br> dns-primary = "8.8.8.8" # Modify this value as per deployment requirements<br> dns-secondary = "8.8.4.4" # Modify this value as per deployment requirements<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" # This is placeholder IP - you must replace it on the vmseries config with the LB public IP address (Region-1) after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub-region-1"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub-region-1"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub-region-1"<br> private_ip = "10.10.12.2"<br> }<br> ]<br> }<br>}</pre>For a full list of 
available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAABBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). 
| `any` | n/a | yes | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | ### Outputs 
diff --git a/examples/vpc_peering_common_with_network_tags/main_test.go b/examples/vpc_peering_common_with_network_tags/main_test.go index eb3958c..da85a17 100644 --- a/examples/vpc_peering_common_with_network_tags/main_test.go +++ b/examples/vpc_peering_common_with_network_tags/main_test.go @@ -1,10 +1,10 @@ package vpc_peering_common_with_network_tags import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) { assertList := []testskeleton.AssertExpression{} // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList) -} \ No newline at end of file +} diff --git a/examples/vpc_peering_common_with_network_tags/variables.tf b/examples/vpc_peering_common_with_network_tags/variables.tf index 646f1dc..44b35ab 100644 --- a/examples/vpc_peering_common_with_network_tags/variables.tf +++ b/examples/vpc_peering_common_with_network_tags/variables.tf @@ -32,7 +32,7 @@ variable "service_accounts" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs) Multiple keys can be added and will be deployed by the code. 
@@ -59,7 +59,7 @@ variable "bootstrap_buckets" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs) Multiple keys can be added and will be deployed by the code. @@ -105,7 +105,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code. EOF @@ -136,7 +136,7 @@ variable "vpc_peerings" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs) Multiple keys can be added and will be deployed by the code. EOF 
@@ -267,7 +267,7 @@ variable "vmseries" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs) The bootstrap_template_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs. Multiple keys can be added and will be deployed by the code. @@ -296,7 +296,7 @@ variable "lbs_internal" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -326,7 +326,7 @@ variable "lbs_external" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -366,4 +366,4 @@ variable "linux_vms" { EOF type = map(any) default = {} -} \ No newline at end of file +} diff --git a/examples/vpc_peering_dedicated/README.md b/examples/vpc_peering_dedicated/README.md index eb1e303..6fd3453 100644 --- a/examples/vpc_peering_dedicated/README.md 
+++ b/examples/vpc_peering_dedicated/README.md @@ -10,7 +10,7 @@ The Terraform code presented here will deploy Palo Alto Networks VM-Series firew ## Reference Architecture Design -![simple](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/6574404/942d7e0a-eafb-42fb-ba53-6fefedb4b69d) +![simple](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/9530fc51-7267-4b74-a996-a522b97f0996) This code implements: - a _centralized design_, a hub-and-spoke topology with a shared VPC containing VM-Series to inspect all inbound, outbound, east-west, and enterprise traffic @@ -27,7 +27,7 @@ This design model integrates multiple methods to interconnect and control your a The dedicated inbound option separates traffic flows across two separate sets of VM-Series firewalls. One set of VM-Series firewalls is dedicated to inbound traffic flows, allowing for greater flexibility and scaling of inbound traffic loads. The second set of VM-Series firewalls services all outbound, east-west, and enterprise network traffic flows. This deployment choice offers increased scale and operational resiliency and reduces the chances of high bandwidth use from the inbound traffic flows affecting other traffic flows within the deployment. -![gcp-dedicatedinbound](https://user-images.githubusercontent.com/43091730/232493285-372de660-6c10-4957-ae3a-183e891af815.png) +![gcp-dedicatedinbound](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/9b331a6a-f29b-44d9-9b87-89833e84fa32) With default variable values the topology consists of : - 5 VPC networks : 
@@ -56,8 +56,8 @@ The following steps should be followed before deploying the Terraform code prese 2. Clone the repository: ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/vpc-peering-dedicated +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/vpc-peering-dedicated ``` 3. Copy the `example.tfvars` to `terraform.tfvars`. 
@@ -238,19 +238,19 @@ The GCP Global HTTP LB acts as a proxy and sends traffic to the VM-Series `Untru | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_lbs_global_http"></a> [lbs\_global\_http](#input\_lbs\_global\_http) | A map containing each Global HTTP loadbalancer setting.<br><br>Example of variable deployment:<pre>lbs_global_http = {<br> "global-http" = {<br> name = "global-http"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> max_rate_per_instance = 5000<br> backend_port_name = "http"<br> backend_protocol = "HTTP"<br> health_check_port = 80<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_http_ext_global#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_bootstrap_buckets"></a> [bootstrap\_buckets](#input\_bootstrap\_buckets) | A map containing each bootstrap bucket setting.<br><br>Example of variable deployment:<pre>bootstrap_buckets = {<br> vmseries-bootstrap-bucket-01 = {<br> bucket_name_prefix = "bucket-01-"<br> location = "us"<br> service_account_key = "sa-vmseries-01"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_global_http"></a> [lbs\_global\_http](#input\_lbs\_global\_http) | A map containing each Global HTTP loadbalancer setting.<br><br>Example of variable deployment:<pre>lbs_global_http = {<br> "global-http" = {<br> name = "global-http"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> max_rate_per_instance = 5000<br> backend_port_name = "http"<br> backend_protocol = "HTTP"<br> health_check_port = 80<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_http_ext_global#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> ip_address = "10.10.12.5"<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.<br><br>Example of variable deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> subnetwork = "spoke1-sub"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `map(any)` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. 
Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vmseries"></a> [vmseries](#input\_vmseries) | A map containing each individual vmseries setting.<br><br>Example of variable deployment :<pre>vmseries = {<br> "fw-vmseries-01" = {<br> name = "fw-vmseries-01"<br> zone = "us-east1-b"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> tags = ["vmseries"]<br> service_account_key = "sa-vmseries-01"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> bootstrap_bucket_key = "vmseries-bootstrap-bucket-01"<br> bootstrap_options = {<br> panorama-server = "1.1.1.1"<br> dns-primary = "8.8.8.8"<br> dns-secondary = "8.8.4.4"<br> }<br> bootstrap_template_map = {<br> trust_gcp_router_ip = "10.10.12.1"<br> untrust_gcp_router_ip = "10.10.11.1"<br> private_network_cidr = "192.168.0.0/16"<br> untrust_loopback_ip = "1.1.1.1/32" #This is placeholder IP - you must replace it on the vmseries config with the LB public IP address after the infrastructure is deployed<br> trust_loopback_ip = "10.10.12.5/32"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> private_ip = "10.10.11.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> private_ip = "10.10.10.2"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> private_ip = "10.10.12.2"<br> },<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module 
documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs)<br><br>The bootstrap\_template\_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs.<br>Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | <a name="input_vmseries_common"></a> [vmseries\_common](#input\_vmseries\_common) | A map containing common vmseries setting.<br><br>Example of variable deployment :<pre>vmseries_common = {<br> ssh_keys = "admin:AAABBB..."<br> vmseries_image = "vmseries-flex-byol-1022h2"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> service_account_key = "sa-vmseries-01"<br> bootstrap_options = {<br> type = "dhcp-client"<br> mgmt-interface-swap = "enable"<br> }<br>}</pre>Bootstrap options can be moved between vmseries individual instance variable (`vmseries`) and this common vmserie variable (`vmseries_common`). | `any` | n/a | yes | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | ### Outputs diff --git a/examples/vpc_peering_dedicated/main_test.go b/examples/vpc_peering_dedicated/main_test.go index 7652495..f8a55c4 100644 --- a/examples/vpc_peering_dedicated/main_test.go +++ b/examples/vpc_peering_dedicated/main_test.go @@ -1,10 +1,10 @@ package vpc_peering_dedicated import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -62,4 +62,4 @@ func TestIdempotence(t *testing.T) { assertList := []testskeleton.AssertExpression{} // deploy test infrastructure and verify outputs and check if there are no planned changes after deployment testskeleton.DeployInfraCheckOutputsVerifyChanges(t, terraformOptions, assertList) -} \ No newline at end of file +} 
diff --git a/examples/vpc_peering_dedicated/variables.tf b/examples/vpc_peering_dedicated/variables.tf index a7cbbdc..56156fc 100644 --- a/examples/vpc_peering_dedicated/variables.tf +++ b/examples/vpc_peering_dedicated/variables.tf @@ -37,7 +37,7 @@ variable "service_accounts" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs) Multiple keys can be added and will be deployed by the code. @@ -64,7 +64,7 @@ variable "bootstrap_buckets" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/bootstrap#Inputs) Multiple keys can be added and will be deployed by the code. @@ -110,7 +110,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code. EOF 
@@ -140,7 +140,7 @@ variable "vpc_peerings" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -263,7 +263,7 @@ variable "vmseries" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vmseries#inputs) The bootstrap_template_map contains variables that will be applied to the bootstrap template. Each firewall Day 0 bootstrap will be parametrised based on these inputs. Multiple keys can be added and will be deployed by the code. @@ -291,7 +291,7 @@ variable "lbs_internal" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs) Multiple keys can be added and will be deployed by the code. EOF 
@@ -316,7 +316,7 @@ variable "lbs_global_http" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_http_ext_global#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_http_ext_global#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -354,4 +354,4 @@ variable "linux_vms" { EOF type = map(any) default = {} -} \ No newline at end of file +} diff --git a/examples/vpc_peering_dedicated_with_autoscale/README.md b/examples/vpc_peering_dedicated_with_autoscale/README.md index f2e0662..fa8ca03 100644 --- a/examples/vpc_peering_dedicated_with_autoscale/README.md +++ b/examples/vpc_peering_dedicated_with_autoscale/README.md 
@@ -17,7 +17,7 @@ This design model integrates multiple methods to interconnect and control your a The dedicated inbound firewall option with autoscaling leverages a single set autoscale group of VM-Series firewalls. Compared to the standard dedicated inbound firewall option - the autoscaling solved the issue of resource bottleneck given by a single set of firewalls, being able to scale horizontally based on configurable metrics. -![VM-Series-Dedicated-Firewall-Option-With-Autoscaling](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/assets/43091730/41e95242-eaf1-4850-b563-df17d138bef9) +![VM-Series-Dedicated-Firewall-Option-With-Autoscaling](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/assets/2110772/3e61f010-4c79-4654-98b3-44c3955804a4) The scope of this code is to deploy an example of the [VM-Series Dedicated Inbound Firewall Option](https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/guides/gcp-architecture-guide#Design%20Model) architecture within a GCP project, but using an autoscaling group of instances instead of a single pair of firewall. @@ -50,8 +50,8 @@ The following steps should be followed before deploying the Terraform code prese 2. Clone the repository: ``` -git clone https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules -cd terraform-google-vmseries-modules/examples/vpc_peering_dedicated_with_autoscale +git clone https://github.com/PaloAltoNetworks/terraform-google-swfw-modules +cd terraform-google-swfw-modules/examples/vpc_peering_dedicated_with_autoscale ``` 3. Copy the `example.tfvars` to `terraform.tfvars`. 
@@ -196,16 +196,16 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | <a name="input_autoscale"></a> [autoscale](#input\_autoscale) | A map containing each vmseries autoscale setting.<br>Zonal or regional managed instance group type is controolled from the `autoscale_regional_mig` variable for all autoscale instances.<br><br>Example of variable deployment :<pre>autoscale = {<br> fw-autoscale-common = {<br> name = "fw-autoscale-common"<br> zones = {<br> zone1 = "us-east4-b"<br> zone2 = "us-east4-c"<br> }<br> named_ports = [<br> {<br> name = "http"<br> port = 80<br> },<br> {<br> name = "https"<br> port = 443<br> }<br> ]<br> service_account_key = "sa-vmseries-01"<br> min_vmseries_replicas = 2<br> max_vmseries_replicas = 4<br> create_pubsub_topic = true<br> autoscaler_metrics = {<br> "custom.googleapis.com/VMSeries/panSessionUtilization" = {<br> target = 70<br> }<br> "custom.googleapis.com/VMSeries/panSessionThroughputKbps" = {<br> target = 700000<br> }<br> }<br> bootstrap_options = {<br> type = "dhcp-client"<br> dhcp-send-hostname = "yes"<br> dhcp-send-client-id = "yes"<br> dhcp-accept-server-hostname = "yes"<br> dhcp-accept-server-domain = "yes"<br> mgmt-interface-swap = "enable"<br> panorama-server = "1.1.1.1"<br> ssh-keys = "admin:<your_ssh_key>" # Replace this value with client data<br> }<br> network_interfaces = [<br> {<br> vpc_network_key = "fw-untrust-vpc"<br> subnetwork_key = "fw-untrust-sub"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-mgmt-vpc"<br> subnetwork_key = "fw-mgmt-sub"<br> create_public_ip = true<br> },<br> {<br> vpc_network_key = "fw-trust-vpc"<br> subnetwork_key = "fw-trust-sub"<br> }<br> ]<br> }<br>}</pre> | `any` | `{}` | no | | <a name="input_autoscale_common"></a> [autoscale\_common](#input\_autoscale\_common) | A map containing common vmseries autoscale setting.<br>Bootstrap options can be moved between vmseries autoscale individual instances variable (`autoscale`) and this common 
vmseries autoscale variable (`autoscale_common`).<br><br>Example of variable deployment :<pre>autoscale_common = {<br> image = "vmseries-flex-byol-1110"<br> machine_type = "n2-standard-4"<br> min_cpu_platform = "Intel Cascade Lake"<br> disk_type = "pd-ssd"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> tags = ["vmseries-autoscale"]<br> update_policy_type = "OPPORTUNISTIC"<br> cooldown_period = 480<br> bootstrap_options = [<br> panorama_server = "1.1.1.1"<br> ]<br>}</pre> | `any` | `{}` | no | | <a name="input_autoscale_regional_mig"></a> [autoscale\_regional\_mig](#input\_autoscale\_regional\_mig) | Sets the managed instance group type to either a regional (if `true`) or a zonal (if `false`).<br>For more information please see [About regional MIGs](https://cloud.google.com/compute/docs/instance-groups/regional-migs#why_choose_regional_managed_instance_groups). | `bool` | `true` | no | -| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br>Note : private IP reservation is not by default within the example as it may overlap with autoscale IP allocation.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_lbs_external"></a> [lbs\_external](#input\_lbs\_external) | A map containing each external loadbalancer setting.<br><br>Example of variable deployment :<pre>lbs_external = {<br> "external-lb" = {<br> name = "external-lb"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> rules = {<br> "all-ports" = {<br> ip_protocol = "L3_DEFAULT"<br> }<br> }<br> http_health_check_port = "80"<br> http_health_check_request_path = "/php/login.php"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_lbs_internal"></a> [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.<br>Note : private IP reservation is not by default within the example as it may overlap with autoscale IP allocation.<br><br>Example of variable deployment :<pre>lbs_internal = {<br> "internal-lb" = {<br> name = "internal-lb"<br> health_check_port = "80"<br> backends = ["fw-vmseries-01", "fw-vmseries-02"]<br> subnetwork_key = "fw-trust-sub"<br> vpc_network_key = "fw-trust-vpc"<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | <a name="input_linux_vms"></a> [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.<br><br>Example of varaible deployment:<pre>linux_vms = {<br> spoke1-vm = {<br> linux_machine_type = "n2-standard-4"<br> zone = "us-east1-b"<br> linux_disk_size = "50" # Modify this value as per deployment requirements<br> vpc_network_key = "fw-spoke1-vpc"<br> subnetwork_key = "fw-spoke1-sub"<br> private_ip = "192.168.1.2"<br> scopes = [<br> "https://www.googleapis.com/auth/compute.readonly",<br> "https://www.googleapis.com/auth/cloud.useraccounts.readonly",<br> "https://www.googleapis.com/auth/devstorage.read_only",<br> "https://www.googleapis.com/auth/logging.write",<br> "https://www.googleapis.com/auth/monitoring.write",<br> ]<br> service_account_key = "sa-linux-01"<br> }<br>}</pre> | `map(any)` | `{}` | no | | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. 
| `string` | `"example-"` | no | -| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. 
| `any` | `{}` | no | +| <a name="input_networks"></a> [networks](#input\_networks) | A map containing each network setting.<br><br>Example of variable deployment :<pre>networks = {<br> fw-mgmt-vpc = {<br> vpc_name = "fw-mgmt-vpc"<br> create_network = true<br> delete_default_routes_on_create = false<br> mtu = "1460"<br> routing_mode = "REGIONAL"<br> subnetworks = {<br> fw-mgmt-sub = {<br> name = "fw-mgmt-sub"<br> create_subnetwork = true<br> ip_cidr_range = "10.10.10.0/28"<br> region = "us-east1"<br> }<br> }<br> firewall_rules = {<br> allow-mgmt-ingress = {<br> name = "allow-mgmt-vpc"<br> source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Replace 1.1.1.1/32 with your own souurce IP address for management purposes.<br> priority = "1000"<br> allowed_protocol = "all"<br> allowed_ports = []<br> }<br> }<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)<br><br>Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | <a name="input_project"></a> [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | <a name="input_region"></a> [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | <a name="input_routes"></a> [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.<br><br>Example of variable deployment :<pre>routes = {<br> "default-route-trust" = {<br> name = "fw-default-trust"<br> destination_range = "0.0.0.0/0"<br> vpc_network_key = "fw-trust-vpc"<br> lb_internal_name = "internal-lb"<br> }<br>}</pre>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | -| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | -| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. 
| `map(any)` | `{}` | no | +| <a name="input_service_accounts"></a> [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.<br><br>Example of variable deployment :<pre>service_accounts = {<br> "sa-vmseries-01" = {<br> service_account_id = "sa-vmseries-01"<br> display_name = "VM-Series SA"<br> roles = [<br> "roles/compute.networkViewer",<br> "roles/logging.logWriter",<br> "roles/monitoring.metricWriter",<br> "roles/monitoring.viewer",<br> "roles/viewer"<br> ]<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | +| <a name="input_vpc_peerings"></a> [vpc\_peerings](#input\_vpc\_peerings) | A map containing each VPC peering setting.<br><br>Example of variable deployment :<pre>vpc_peerings = {<br> "trust-to-spoke1" = {<br> local_network_key = "fw-trust-vpc"<br> peer_network_key = "fw-spoke1-vpc"<br><br> local_export_custom_routes = true<br> local_import_custom_routes = true<br> local_export_subnet_routes_with_public_ip = true<br> local_import_subnet_routes_with_public_ip = true<br><br> peer_export_custom_routes = true<br> peer_import_custom_routes = true<br> peer_export_subnet_routes_with_public_ip = true<br> peer_import_subnet_routes_with_public_ip = true<br> }<br>}</pre>For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs)<br><br>Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | ### Outputs diff --git a/examples/vpc_peering_dedicated_with_autoscale/main_test.go b/examples/vpc_peering_dedicated_with_autoscale/main_test.go index 6986c89..bb62565 100644 
--- a/examples/vpc_peering_dedicated_with_autoscale/main_test.go +++ b/examples/vpc_peering_dedicated_with_autoscale/main_test.go @@ -1,10 +1,10 @@ package vpc_peering_dedicated_with_autoscale import ( - "testing" "log" + "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/terraform" ) diff --git a/examples/vpc_peering_dedicated_with_autoscale/variables.tf b/examples/vpc_peering_dedicated_with_autoscale/variables.tf index d3089ea..faccd9b 100644 --- a/examples/vpc_peering_dedicated_with_autoscale/variables.tf +++ b/examples/vpc_peering_dedicated_with_autoscale/variables.tf @@ -37,7 +37,7 @@ variable "service_accounts" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account#Inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs) Multiple keys can be added and will be deployed by the code. @@ -83,7 +83,7 @@ variable "networks" { } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc#input_networks) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks) Multiple keys can be added and will be deployed by the code. EOF 
@@ -115,7 +115,7 @@ variable "vpc_peerings" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc-peering#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -279,7 +279,7 @@ variable "lbs_internal" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs) Multiple keys can be added and will be deployed by the code. EOF @@ -307,7 +307,7 @@ variable "lbs_external" { } } ``` - For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external#inputs) + For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_external#inputs) Multiple keys can be added and will be deployed by the code. EOF diff --git a/go.mod b/go.mod index b77ea2b..3ca4f6e 100644 --- a/go.mod +++ b/go.mod @@ -1,9 +1,9 @@ -module github.com/PaloAltoNetworks/terraform-google-vmseries-modules +module github.com/PaloAltoNetworks/terraform-google-swfw-modules go 1.20 require ( - github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton v1.1.0 + github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton v1.2.0 github.com/gruntwork-io/terratest v0.43.6 ) 
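Review bot: The new requirement `github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton v1.2.0` in this go.mod hunk has no matching checksum in go.sum: the go.sum hunk that follows only renames the module path on the existing v1.0.7 pseudo-version and v1.1.0 lines and adds no v1.2.0 entry. Those renamed lines also keep their old `h1:` values, which suggests a search-and-replace rather than a toolchain run; the module hash is computed over paths that include the module name, so they presumably will not verify under the new path. I would drop the hand-edited lines and regenerate go.sum with `go mod tidy`, then run `go mod verify` in CI. That pins the renamed test dependency to checksums the Go toolchain computed, not to values carried over from the old module path.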
diff --git a/go.sum b/go.sum index 7b13f11..1505fec 100644 --- a/go.sum +++ b/go.sum @@ -188,10 +188,10 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton v1.0.7-0.20230921084834-413e7c888833 h1:Oi8G4cCVIoGetFViwRKNrVDOGcBLtPghbYDZLObuCsg= -github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton v1.0.7-0.20230921084834-413e7c888833/go.mod h1:xxVd295BDYzQ81QhtzrXIdk2XMvWT8NdX6aAKoAqvDI= -github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton v1.1.0 h1:4BnQVUZjEitHUzGFbpzCRwUVyD652vbIau1eKwHMpJQ= -github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton v1.1.0/go.mod h1:xxVd295BDYzQ81QhtzrXIdk2XMvWT8NdX6aAKoAqvDI= +github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton v1.0.7-0.20230921084834-413e7c888833 h1:Oi8G4cCVIoGetFViwRKNrVDOGcBLtPghbYDZLObuCsg= +github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton v1.0.7-0.20230921084834-413e7c888833/go.mod h1:xxVd295BDYzQ81QhtzrXIdk2XMvWT8NdX6aAKoAqvDI= +github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton v1.1.0 h1:4BnQVUZjEitHUzGFbpzCRwUVyD652vbIau1eKwHMpJQ= +github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton v1.1.0/go.mod h1:xxVd295BDYzQ81QhtzrXIdk2XMvWT8NdX6aAKoAqvDI= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= diff --git a/modules/autoscale/main_test.go b/modules/autoscale/main_test.go index 9c274a9..51f2366 100644 
--- a/modules/autoscale/main_test.go +++ b/modules/autoscale/main_test.go @@ -3,9 +3,9 @@ package autoscale import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/bootstrap/main_test.go b/modules/bootstrap/main_test.go index a657961..565c7e0 100644 --- a/modules/bootstrap/main_test.go +++ b/modules/bootstrap/main_test.go @@ -3,9 +3,9 @@ package bootstrap import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/iam_service_account/main_test.go b/modules/iam_service_account/main_test.go index 1e77584..4668dfd 100644 --- a/modules/iam_service_account/main_test.go +++ b/modules/iam_service_account/main_test.go @@ -3,9 +3,9 @@ package iam_service_account import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/lb_external/main_test.go b/modules/lb_external/main_test.go index 486dd91..b8be1f8 100644 --- a/modules/lb_external/main_test.go +++ b/modules/lb_external/main_test.go 
@@ -3,9 +3,9 @@ package lb_external import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/lb_http_ext_global/main_test.go b/modules/lb_http_ext_global/main_test.go index 6bec841..ac6671e 100644 --- a/modules/lb_http_ext_global/main_test.go +++ b/modules/lb_http_ext_global/main_test.go @@ -3,9 +3,9 @@ package lb_http_ext_global import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/lb_internal/main_test.go b/modules/lb_internal/main_test.go index 335e37a..6a290d8 100644 --- a/modules/lb_internal/main_test.go +++ b/modules/lb_internal/main_test.go @@ -3,9 +3,9 @@ package lb_internal import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/panorama/main_test.go b/modules/panorama/main_test.go index 634348e..e315174 100644 --- a/modules/panorama/main_test.go +++ b/modules/panorama/main_test.go @@ -3,9 +3,9 @@ package panorama import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} 
diff --git a/modules/vmseries/main_test.go b/modules/vmseries/main_test.go index fde315f..efe353d 100644 --- a/modules/vmseries/main_test.go +++ b/modules/vmseries/main_test.go @@ -3,9 +3,9 @@ package vmseries import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/vpc-peering/main_test.go b/modules/vpc-peering/main_test.go index 01f15fd..4d7697f 100644 --- a/modules/vpc-peering/main_test.go +++ b/modules/vpc-peering/main_test.go @@ -3,9 +3,9 @@ package vpc_peering import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/vpc/main_test.go b/modules/vpc/main_test.go index f069757..bea395f 100644 --- a/modules/vpc/main_test.go +++ b/modules/vpc/main_test.go @@ -3,9 +3,9 @@ package vpc import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +} diff --git a/modules/vpn/main_test.go b/modules/vpn/main_test.go index 7406c79..7df9171 100644 --- a/modules/vpn/main_test.go +++ b/modules/vpn/main_test.go 
@@ -3,9 +3,9 @@ package vpn import ( "testing" - "github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton" + "github.com/PaloAltoNetworks/terraform-modules-swfw-tests-skeleton/pkg/testskeleton" ) func TestValidate(t *testing.T) { testskeleton.ValidateCode(t, nil) -} \ No newline at end of file +}