feat: add allowed_ip_ranges variable (#21)

jond3k · web-flow · commit b91c587706ab · 2021-10-19T14:00:28.000-04:00
diff --git a/modules/create_environment/README.md b/modules/create_environment/README.md
@@ -53,6 +53,7 @@ module "composer" {
 | subnetwork\_region | The subnetwork region of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
 | tags | Tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls. | `set(string)` | `[]` | no |
 | use\_ip\_aliases | Enable Alias IPs in the GKE cluster. If true, a VPC-native cluster is created. | `bool` | `false` | no |
+| web\_server\_allowed\_ip\_ranges | The network-level access control policy for the Airflow web server. If unspecified, no network-level access restrictions will be applied. | <pre>list(object({<br>    value       = string,<br>    description = string<br>  }))</pre> | `null` | no |
 | web\_server\_ipv4\_cidr | The CIDR block from which IP range in tenant project will be reserved for the web server. | `string` | `null` | no |
 | zone | Zone where the Cloud Composer nodes are created. | `string` | `"us-central1-f"` | no |
 
diff --git a/modules/create_environment/main.tf b/modules/create_environment/main.tf
@@ -50,6 +50,19 @@ resource "google_composer_environment" "composer_env" {
       }
     }
 
+    dynamic "web_server_network_access_control" {
+      for_each = var.web_server_allowed_ip_ranges == null ? [] : [1]
+      content {
+        dynamic "allowed_ip_range" {
+          for_each = var.web_server_allowed_ip_ranges
+          content {
+            value       = allowed_ip_range.value.value
+            description = allowed_ip_range.value.description
+          }
+        }
+      }
+    }
+
     dynamic "private_environment_config" {
       for_each = var.use_ip_aliases ? [
         {
diff --git a/modules/create_environment/variables.tf b/modules/create_environment/variables.tf
@@ -177,3 +177,12 @@ variable "kms_key_name" {
   type        = string
   default     = null
 }
+
+variable "web_server_allowed_ip_ranges" {
+  description = "The network-level access control policy for the Airflow web server. If unspecified, no network-level access restrictions will be applied."
+  default     = null
+  type = list(object({
+    value       = string,
+    description = string
+  }))
+}

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,19 @@ resource "google_composer_environment" "composer_env" {`
`50`	`50`	`}`
`51`	`51`	`}`
`52`	`52`
	`53`	`+ dynamic "web_server_network_access_control" {`
	`54`	`+ for_each = var.web_server_allowed_ip_ranges == null ? [] : [1]`
	`55`	`+ content {`
	`56`	`+ dynamic "allowed_ip_range" {`
	`57`	`+ for_each = var.web_server_allowed_ip_ranges`
	`58`	`+ content {`
	`59`	`+ value = allowed_ip_range.value.value`
	`60`	`+ description = allowed_ip_range.value.description`
	`61`	`+ }`
	`62`	`+ }`
	`63`	`+ }`
	`64`	`+ }`
	`65`	`+`
`53`	`66`	`dynamic "private_environment_config" {`
`54`	`67`	`for_each = var.use_ip_aliases ? [`
`55`	`68`	`{`