diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index 235f1ebc4..8198b100e 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@@ -7,6 +7,19 @@ This module allows creation and management of different types of firewall rules
 The predefined rules are enabled by default and set to the ranges of the GCP health checkers for HTTP/HTTPS, and the IAP forwarders for SSH. See the relevant section below on how to configure or disable them.
+
+- [Examples](#examples)
+ - [Minimal open firewall](#minimal-open-firewall)
+ - [Custom rules](#custom-rules)
+ - [Controlling or turning off default rules](#controlling-or-turning-off-default-rules)
+ - [Overriding default tags and ranges](#overriding-default-tags-and-ranges)
+ - [Disabling predefined rules](#disabling-predefined-rules)
+ - [Including source & destination ranges](#including-source-destination-ranges)
+ - [Rules Factory](#rules-factory)
+- [Variables](#variables)
+- [Outputs](#outputs)
+
+
 ## Examples
 ### Minimal open firewall
diff --git a/modules/net-vpc-firewall/main.tf b/modules/net-vpc-firewall/main.tf
index 5f7a95b54..f3faac9f0 100644
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@@ -97,7 +97,7 @@ resource "google_compute_firewall" "custom-rules" {
 source_ranges = (
 each.value.direction == "INGRESS"
 ? (
- each.value.source_ranges == null
+ each.value.source_ranges == null && each.value.sources == null
 ? ["0.0.0.0/0"]
 : each.value.source_ranges
 )
diff --git a/tests/modules/net_vpc_firewall/examples/factory.yaml b/tests/modules/net_vpc_firewall/examples/factory.yaml
index 389fb52a2..73a095dd0 100644
--- a/tests/modules/net_vpc_firewall/examples/factory.yaml
+++ b/tests/modules/net_vpc_firewall/examples/factory.yaml
@@ -53,8 +53,6 @@ values:
 network: my-network
 priority: 1000
 project: my-project
- source_ranges:
- - 0.0.0.0/0
 source_service_accounts:
 - service-1@my-project.iam.gserviceaccount.com
 source_tags: null
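Review bot: The `["0.0.0.0/0"]` fallback in the `custom-rules` `source_ranges` expression in main.tf stays implicit: an ingress rule that sets neither `source_ranges` nor `sources` is still opened to every source address, and nothing at the conditional says so. I would add a comment directly above it, `# ingress with neither source_ranges nor sources defaults to any source (0.0.0.0/0)`, so the open default reads as a documented decision rather than an accident. The new guard tests only `each.value.sources == null`; the type of `sources` is not visible in this hunk, so it is worth confirming how an empty list (`sources = []`) combined with a null `source_ranges` behaves, since that rule would carry null ranges and, presumably, no tags or service accounts either. The resource block starts and ends outside the hunk.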