GCP: Remove firewall rules when providing network project id #6219
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
barbacbd
changed the title
|
/hold |
openshift-ci
bot
added
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
barbacbd
force-pushed
the
skip_firewall_rules_npid
branch
from
806ec78 to
b9769dc
Compare
|
/test e2e-gcp |
|
/test gofmt |
|
/test e2e-ws |
|
/test e2e-aws |
barbacbd
force-pushed
the
skip_firewall_rules_npid
branch
from
c75827f to
782447c
Compare
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
** Added the Network Project ID data to gcp terraform vars ** Added checks to GCP terraform to set count to 0 for firewall rules when the Network Project ID is available. CORS 2039 Requires openshift#6166 ** Added a default value for the terraform value for network_project_id
barbacbd
force-pushed
the
skip_firewall_rules_npid
branch
from
782447c to
6315658
Compare
Co-authored-by: Rafael F. <[email protected]>
|
/test e2e-gcp |
| variable "gcp_network_project_id" { | ||
| type = string | ||
| description = "The project that the network and subnets exist in when they are not in the main ProjectID." | ||
| default = "" |
There was a problem hiding this comment.
I was able to deploy a cluster with default = "" instead of default = null.
|
/retest |
1 similar comment
|
/retest |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
There was a problem hiding this comment.
Some minor changes as per my comments.
While making these changes, you might consider passing some sort of "disable firewall" parameter instead of relying on the "networkProjectID" directly in the Terraform templates. This will enable us to provision firewall rules in the future when networkProjectID is defined. However, I would not block this PR on that as enabling this functionality is technically out of scope.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jstuever, r4f4 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required |
|
/test govet |
|
/test e2e-gcp |
|
/test govet |
|
/test aro-unit |
|
/test e2e-aws |
|
/test aro-unit |
|
/skip |
|
/test gofmt |
|
/test shellcheck |
|
/skip |
|
/skip |
1 similar comment
|
/skip |
|
/skip |
|
/test aro-unit |
|
/test shellcheck |
|
/test gofmt |
|
/test okd-images |
|
/test gofmt |
|
/test images |
|
@barbacbd: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
** Added the Network Project ID data to gcp terraform vars
** Added checks to GCP terraform to set count to 0 for firewall rules when
the Network Project ID is available.
CORS 2039
Requires #6166