
Commit f4eff27

committed
rename custom rules variable, fix tag-based egress
1 parent 0db0d90 commit f4eff27


3 files changed

+36
-5
lines changed

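--- a/modules/fabric-net-firewall/main.tf
+++ b/modules/fabric-net-firewall/main.tf
@@ -109,17 +109,17 @@ resource "google_compute_firewall" "allow-tag-https" {
 # dynamic rules #
 ################################################################################
 
-resource "google_compute_firewall" "dynamic" {
+resource "google_compute_firewall" "custom" {
 # provider = "google-beta"
-for_each = var.dynamic_rules
+for_each = var.custom_rules
 name = each.key
 description = each.value.description
 direction = each.value.direction
 network = var.network
 project = var.project_id
 source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
 destination_ranges = each.value.direction == "EGRESS" ? each.value.ranges : null
-source_tags = each.value.use_service_accounts ? null : each.value.sources
+source_tags = each.value.use_service_accounts || each.value.direction == "EGRESS" ? null : each.value.sources
 target_tags = each.value.use_service_accounts ? null : each.value.targets
 source_service_accounts = each.value.use_service_accounts ? each.value.sources : null
 target_service_accounts = each.value.use_service_accounts ? each.value.targets : null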
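Review bot: The EGRESS guard added on the `source_tags` line (122) is not mirrored on `source_service_accounts` (124), so a custom rule with `direction = "EGRESS"` and `use_service_accounts = true` still sends `each.value.sources` as source service accounts; as far as I know the Compute API rejects every source_* field on an egress rule, so that combination will fail at apply the same way tag-based egress did before this fix. Mirroring the guard keeps the two paths consistent: `source_service_accounts = each.value.use_service_accounts && each.value.direction != "EGRESS" ? each.value.sources : null`. The new condition on 122 relies on `||` binding tighter than `?:` in HCL, which is correct, but parenthesising it — `(each.value.use_service_accounts || each.value.direction == "EGRESS") ? null : each.value.sources` — makes the intent plain to the next reader. The `custom` resource block continues past the end of this hunk, so its allow/deny handling is not visible here.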

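--- a/modules/fabric-net-firewall/outputs.tf
+++ b/modules/fabric-net-firewall/outputs.tf
@@ -32,3 +32,34 @@ output "admin_ranges" {
 }
 }
 
+output "custom_ingress_allow_rules" {
+description = "Custom ingress rules with allow blocks."
+value = [
+for rule in google_compute_firewall.custom :
+rule.name if rule.direction == "INGRESS" && length(rule.allow) > 0
+]
+}
+
+output "custom_ingress_deny_rules" {
+description = "Custom ingress rules with deny blocks."
+value = [
+for rule in google_compute_firewall.custom :
+rule.name if rule.direction == "INGRESS" && length(rule.deny) > 0
+]
+}
+
+output "custom_egress_allow_rules" {
+description = "Custom egress rules with allow blocks."
+value = [
+for rule in google_compute_firewall.custom :
+rule.name if rule.direction == "EGRESS" && length(rule.allow) > 0
+]
+}
+
+output "custom_egress_deny_rules" {
+description = "Custom egress rules with allow blocks."
+value = [
+for rule in google_compute_firewall.custom :
+rule.name if rule.direction == "EGRESS" && length(rule.deny) > 0
+]
+}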
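Review bot: The description of `custom_egress_deny_rules` (line 60) says "with allow blocks", a copy-paste slip from the preceding output, while its filter correctly tests `length(rule.deny) > 0`; it should read `description = "Custom egress rules with deny blocks."`. The four outputs otherwise filter consistently on direction and on a non-empty `allow`/`deny` set, which is handy for auditing which custom rules widen ingress or egress, so the mislabel is worth fixing before anyone scripts against it.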

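--- a/modules/fabric-net-firewall/variables.tf
+++ b/modules/fabric-net-firewall/variables.tf
@@ -66,8 +66,8 @@ variable "https_source_ranges" {
 default = ["0.0.0.0/0"]
 }
 
-variable "dynamic_rules" {
-description = "List of dynamic rule definitions."
+variable "custom_rules" {
+description = "List of custom rule definitions."
 type = map(object({
 description = string
 direction = string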
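Review bot: The new description on line 70 still says "List of custom rule definitions." while the declared type is `map(object({...}))`, and `main.tf` uses each map key as the firewall rule `name`; a caller reading the description alone would try to pass a list. Suggest `description = "Map of custom rule definitions, keyed by firewall rule name."`. The `custom_rules` object type continues past the end of this hunk, so the remaining attributes are not visible here.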
