Merge pull request #2 from terraform-google-modules/master

update

Author: bharathkkb

README.md

@@ -155,8 +155,10 @@ The routes list contains maps, where each object represents a route. For the nex
 
 ## Requirements
 ### Installed Software
-- [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.0
-- [Terraform Provider for GCP][terraform-provider-google] ~> 2.19.0
+- [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.6
+- [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> 2.19
+- [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~>
+  2.19
 - [gcloud](https://cloud.google.com/sdk/gcloud/) >243.0.0
 
 ### Configure a Service Account

examples/delete_default_gateway_routes/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }

examples/multi_vpc/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }

examples/secondary_ranges/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }

examples/simple_project/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }

examples/simple_project_with_regional_network/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }

examples/submodule_firewall/main.tf

@@ -48,21 +48,96 @@ module "test-vpc-module" {
   ]
 }
 
+// Custom firewall rules
+locals {
+  custom_rules = {
+    // Example of custom tcp/udp rule
+    deny-ingress-6534-6566 = {
+      description          = "Deny all INGRESS to port 6534-6566"
+      direction            = "INGRESS"
+      action               = "deny"
+      ranges               = ["0.0.0.0/0"] # source or destination ranges (depends on `direction`)
+      use_service_accounts = false         # if `true` targets/sources expect list of instances SA, if false - list of tags
+      targets              = null          # target_service_accounts or target_tags depends on `use_service_accounts` value
+      sources              = null          # source_service_accounts or source_tags depends on `use_service_accounts` value
+      rules = [{
+        protocol = "tcp"
+        ports    = ["6534-6566"]
+        },
+        {
+          protocol = "udp"
+          ports    = ["6534-6566"]
+      }]
+
+      extra_attributes = {
+        disabled = true
+        priority = 95
+      }
+    }
+
+    // Example how to allow connection from instances with `backend` tag, to instances with `databases` tag
+    allow-backend-to-databases = {
+      description          = "Allow backend nodes connection to databases instances"
+      direction            = "INGRESS"
+      action               = "allow"
+      ranges               = null
+      use_service_accounts = false
+      targets              = ["databases"] # target_tags
+      sources              = ["backed"]    # source_tags
+      rules = [{
+        protocol = "tcp"
+        ports    = ["3306", "5432", "1521", "1433"]
+      }]
+
+      extra_attributes = {}
+    }
+
+    // Example how to allow connection from an instance with a given service account
+    allow-all-admin-sa = {
+      description          = "Allow all traffic from admin sa instances"
+      direction            = "INGRESS"
+      action               = "allow"
+      ranges               = null
+      use_service_accounts = true
+      targets              = null
+      sources              = ["[email protected]"]
+      rules = [{
+        protocol = "tcp"
+        ports    = null # all ports
+        },
+        {
+          protocol = "udp"
+          ports    = null # all ports
+        }
+      ]
+      extra_attributes = {
+        priority = 30
+      }
+    }
+  }
+}
+
+
+
 module "test-firewall-submodule" {
   source                  = "../../modules/fabric-net-firewall"
   project_id              = var.project_id
   network                 = module.test-vpc-module.network_name
   internal_ranges_enabled = true
   internal_ranges         = module.test-vpc-module.subnets_ips
 
-  internal_allow = [{
-    protocol = "icmp"
+  internal_allow = [
+    {
+      protocol = "icmp"
     },
     {
-      protocol = "tcp"
+      protocol = "tcp",
+      ports    = ["8080", "1000-2000"]
     },
     {
       protocol = "udp"
+      # all ports will be opened if `ports` key isn't specified
     },
   ]
+  custom_rules = local.custom_rules
 }

examples/submodule_firewall/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }

examples/submodule_network_peering/main.tf

@@ -14,6 +14,18 @@
  * limitations under the License.
  */
 
+provider "google" {
+  version = "~> 2.19.0"
+}
+
+provider "google-beta" {
+  version = "~> 2.19.0"
+}
+
+provider "null" {
+  version = "~> 2.1"
+}
+
 module "local-network" {
   source       = "../../"
   project_id   = var.project_id

examples/submodule_network_peering/versions.tf

@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.0"
+  required_version = "~> 0.12.6"
 }