9 changes: 5 additions & 4 deletions ibm_catalog.json
Expand Up @@ -741,11 +741,12 @@
},
{
"key": "network_acls",
"type": "array",
"default_value": "[\n {\n name = \"vpc-acl\"\n add_ibm_cloud_internal_rules = true\n add_vpc_connectivity_rules = true\n prepend_ibm_rules = true\n rules = [\n {\n name = \"allow-all-443-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 443\n port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 80\n port_max = 80\n source_port_min = 80\n source_port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n source_port_min = 30000\n source_port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-443-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 443\n source_port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 80\n source_port_max = 80\n port_min = 80\n port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n port_min = 30000\n port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n }\n ]\n }\n]",
"description": "The list of ACLs to create. Provide at least one rule for each ACL. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-).",
"required": false,
"virtual": true
"custom_config": {
"type": "textarea",
"grouping": "deployment",
"original_grouping": "deployment"
}
},
{
"key": "provider_visibility",
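Review bot: `"virtual": true` on line 32 has no trailing comma before `"custom_config": {` on the next line; if both lines sit on the new side of this hunk (the rendered view drops the +/- markers, so the side is inferred from the 5-additions/4-deletions count), the object is invalid JSON and the catalog manifest will not parse — the fix is `"virtual": true,`. The `default_value` string is the same HCL literal that `solutions/fully-configurable/variables.tf` now declares as the variable default; the two copies match in this commit but nothing ties them together, so a CI check that compares the catalog default with the variable default would prevent them drifting apart on the next rule change.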
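--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -556,3 +556,128 @@ variable "skip_ocp_secrets_manager_iam_auth_policy" {
 description = "To skip creating auth policy that allows OCP cluster 'Manager' role access in the existing Secrets Manager instance for managing ingress certificates."
 default = false
 }
+
+# tflint-ignore: all
+variable "network_acls" {
+description = "The list of ACLs to create. Provide at least one rule for each ACL. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-)."
+type = list(
+object({
+name = string
+add_ibm_cloud_internal_rules = optional(bool)
+add_vpc_connectivity_rules = optional(bool)
+prepend_ibm_rules = optional(bool)
+rules = list(
+object({
+name = string
+action = string
+destination = string
+direction = string
+source = string
+tcp = optional(
+object({
+port_max = optional(number)
+port_min = optional(number)
+source_port_max = optional(number)
+source_port_min = optional(number)
+})
+)
+udp = optional(
+object({
+port_max = optional(number)
+port_min = optional(number)
+source_port_max = optional(number)
+source_port_min = optional(number)
+})
+)
+icmp = optional(
+object({
+type = optional(number)
+code = optional(number)
+})
+)
+})
+)
+})
+)
+
+default = [
+{
+name = "vpc-acl"
+add_ibm_cloud_internal_rules = true
+add_vpc_connectivity_rules = true
+prepend_ibm_rules = true
+rules = [
+{
+name = "allow-all-443-inbound"
+action = "allow"
+direction = "inbound"
+tcp = {
+port_min = 443
+port_max = 443
+}
+destination = "0.0.0.0/0"
+source = "0.0.0.0/0"
+},
+{
+name = "allow-all-80-inbound"
+action = "allow"
+direction = "inbound"
+tcp = {
+port_min = 80
+port_max = 80
+source_port_min = 80
+source_port_max = 80
+}
+destination = "0.0.0.0/0"
+source = "0.0.0.0/0"
+},
+{
+name = "allow-all-ingress-inbound"
+action = "allow"
+direction = "inbound"
+tcp = {
+source_port_min = 30000
+source_port_max = 32767
+}
+destination = "0.0.0.0/0"
+source = "0.0.0.0/0"
+},
+{
+name = "allow-all-443-outbound"
+action = "allow"
+direction = "outbound"
+tcp = {
+source_port_min = 443
+source_port_max = 443
+}
+destination = "0.0.0.0/0"
+source = "0.0.0.0/0"
+},
+{
+name = "allow-all-80-outbound"
+action = "allow"
+direction = "outbound"
+tcp = {
+source_port_min = 80
+source_port_max = 80
+port_min = 80
+port_max = 80
+}
+destination = "0.0.0.0/0"
+source = "0.0.0.0/0"
+},
+{
+name = "allow-all-ingress-outbound"
+action = "allow"
+direction = "outbound"
+tcp = {
+port_min = 30000
+port_max = 32767
+}
+destination = "0.0.0.0/0"
+source = "0.0.0.0/0"
+}
+]
+}
+]
+}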
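Review bot: The description on line 51 promises "at least one rule for each ACL", but nothing in the `network_acls` declaration enforces it — the type accepts `rules = []`, so an ACL with no rules passes `terraform validate` and is only rejected, if at all, at apply time; a `validation` block on the variable checks it up front. The `allow-all-80-inbound` and `allow-all-80-outbound` defaults pin both `port_*` and `source_port_*` to 80 while the 443 rules constrain only one side of the connection; if that asymmetry is not deliberate it silently narrows the port-80 rules to traffic whose source port is also 80, so a comment stating the intent, or aligning the two pairs, would help the next reader. `# tflint-ignore: all` disables every lint rule for this variable; narrowing it to the single rule that fires keeps the rest of the checks active. Every default rule uses `0.0.0.0/0` for both `source` and `destination`, which is worth stating in the description so consumers know the shipped default admits 80, 443 and 30000-32767 from any address unless they override it.
```hcl
variable "network_acls" {
  # … unchanged: description, type and default …
  validation {
    condition     = alltrue([for acl in var.network_acls : length(acl.rules) > 0])
    error_message = "Every entry in network_acls must contain at least one rule."
  }
}
```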