Use single resource for custom rules in firewall module

Julio Castillo
2021-10-04 12:06:31 +02:00
parent 0bac954287
commit d3e8b5e35e
3 changed files with 40 additions and 55 deletions


@@ -26,31 +26,42 @@ output "admin_ranges" {
output "custom_ingress_allow_rules" {
description = "Custom ingress rules with allow blocks."
value = [
for rule in google_compute_firewall.custom_allow :
rule.name if rule.direction == "INGRESS"
for rule in google_compute_firewall.custom-rules :
rule.name if rule.direction == "INGRESS" && try(length(rule.allow), 0) > 0
]
}
output "custom_ingress_deny_rules" {
description = "Custom ingress rules with deny blocks."
value = [
for rule in google_compute_firewall.custom_deny :
rule.name if rule.direction == "INGRESS"
for rule in google_compute_firewall.custom-rules :
rule.name if rule.direction == "INGRESS" && try(length(rule.deny), 0) > 0
]
}
output "custom_egress_allow_rules" {
description = "Custom egress rules with allow blocks."
value = [
for rule in google_compute_firewall.custom_allow :
rule.name if rule.direction == "EGRESS"
for rule in google_compute_firewall.custom-rules :
rule.name if rule.direction == "EGRESS" && try(length(rule.allow), 0) > 0
]
}
output "custom_egress_deny_rules" {
description = "Custom egress rules with allow blocks."
value = [
for rule in google_compute_firewall.custom_deny :
rule.name if rule.direction == "EGRESS"
for rule in google_compute_firewall.custom-rules :
rule.name if rule.direction == "EGRESS" && try(length(rule.deny), 0) > 0
]
}
output "rules" {
description = "All google_compute_firewall resources created."
value = merge(
google_compute_firewall.custom-rules,
try({ (google_compute_firewall.allow-admins.0.name) = google_compute_firewall.allow-admins.0 }, {}),
try({ (google_compute_firewall.allow-tag-ssh.0.name) = google_compute_firewall.allow-tag-ssh.0 }, {}),
try({ (google_compute_firewall.allow-tag-http.0.name) = google_compute_firewall.allow-tag-http.0 }, {}),
try({ (google_compute_firewall.allow-tag-https.0.name) = google_compute_firewall.allow-tag-https.0 }, {})
)
}
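Review bot: The `custom_egress_deny_rules` output keeps the description "Custom egress rules with allow blocks." even though its filter now selects on `rule.deny`. It should read `description = "Custom egress rules with deny blocks."`, so that someone auditing the module's outputs is not told that deny rules are allow rules. Separately, in all four filtered outputs, `try(length(rule.allow), 0)` and `try(length(rule.deny), 0)` turn any evaluation error into 0. A wrong attribute reference would then yield an empty rule list rather than a failed plan. If the provider always exposes both blocks as lists (likely, but not visible in this hunk), plain `length(rule.deny) > 0` would fail loudly instead.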