Selectively enable logging in FAST and firewall policy module rules (#2032)

* use logging in firewall policy module examples * enable logging for selected hierarchical firewall rules
2024-01-31 09:50:35 +01:00
parent 1e06c35a1f
commit 01c7f806ce
8 changed files with 17 additions and 8 deletions
--- a/fast/stages/2-networking-a-peering/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-a-peering/data/hierarchical-ingress-rules.yaml
@@ -22,6 +22,7 @@ allow-healthchecks:

 allow-ssh-from-iap:
  description: Enable SSH from IAP
+  enable_logging: true
  priority: 1002
  match:
    source_ranges:
--- a/fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-b-vpn/data/hierarchical-ingress-rules.yaml
@@ -23,6 +23,7 @@ allow-healthchecks:
 allow-ssh-from-iap:
  description: Enable SSH from IAP
  priority: 1002
+  enable_logging: true
  match:
    source_ranges:
      - 35.235.240.0/20
--- a/fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-c-nva/data/hierarchical-ingress-rules.yaml
@@ -23,6 +23,7 @@ allow-healthchecks:
 allow-ssh-from-iap:
  description: Enable SSH from IAP
  priority: 1002
+  enable_logging: true
  match:
    source_ranges:
      - 35.235.240.0/20
--- a/fast/stages/2-networking-d-separate-envs/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-d-separate-envs/data/hierarchical-ingress-rules.yaml
@@ -23,6 +23,7 @@ allow-healthchecks:
 allow-ssh-from-iap:
  description: Enable SSH from IAP
  priority: 1002
+  enable_logging: true
  match:
    source_ranges:
      - 35.235.240.0/20
--- a/fast/stages/2-networking-e-nva-bgp/data/hierarchical-ingress-rules.yaml
+++ b/fast/stages/2-networking-e-nva-bgp/data/hierarchical-ingress-rules.yaml
@@ -23,6 +23,7 @@ allow-healthchecks:
 allow-ssh-from-iap:
  description: Enable SSH from IAP
  priority: 1002
+  enable_logging: true
  match:
    source_ranges:
      - 35.235.240.0/20
--- a/modules/net-firewall-policy/README.md
+++ b/modules/net-firewall-policy/README.md
@@ -49,13 +49,15 @@ module "firewall-policy" {
      }
    }
    mgmt = {
-      priority = 1001
+      priority       = 1001
+      enable_logging = true
      match = {
        source_ranges = ["10.1.1.0/24"]
      }
    }
    ssh = {
-      priority = 1002
+      priority       = 1002
+      enable_logging = true
      match = {
        source_ranges = ["10.0.0.0/8"]
        # source_tags    = ["tagValues/123456"]
@@ -102,13 +104,15 @@ module "firewall-policy" {
      }
    }
    mgmt = {
-      priority = 1001
+      priority       = 1001
+      enable_logging = true
      match = {
        source_ranges = ["10.1.1.0/24"]
      }
    }
    ssh = {
-      priority = 1002
+      priority       = 1002
+      enable_logging = true
      match = {
        source_ranges = ["10.0.0.0/8"]
        # source_tags    = ["tagValues/123456"]
--- a/tests/modules/net_firewall_policy/examples/global-net.yaml
+++ b/tests/modules/net_firewall_policy/examples/global-net.yaml
@@ -79,7 +79,7 @@ values:
    action: allow
    direction: INGRESS
    disabled: false
-    enable_logging: null
+    enable_logging: True
    firewall_policy: test-1
    match:
    - dest_address_groups: null
@@ -106,7 +106,7 @@ values:
    action: allow
    direction: INGRESS
    disabled: false
-    enable_logging: null
+    enable_logging: True
    firewall_policy: test-1
    match:
    - dest_address_groups: null
--- a/tests/modules/net_firewall_policy/examples/hierarchical.yaml
+++ b/tests/modules/net_firewall_policy/examples/hierarchical.yaml
@@ -74,7 +74,7 @@ values:
    description: null
    direction: INGRESS
    disabled: false
-    enable_logging: null
+    enable_logging: True
    match:
    - dest_address_groups: null
      dest_fqdns: null
@@ -98,7 +98,7 @@ values:
    description: null
    direction: INGRESS
    disabled: false
-    enable_logging: null
+    enable_logging: True
    match:
    - dest_address_groups: null
      dest_fqdns: null