logging for default ingress rules in FAST (#2030)

* Add default ingress deny rule with logging to FAST net stages. Fixes #2024 * Allow firewall factory to omit rules key * Fix tests * Fix fast tests * fix fast tests
2024-01-30 17:53:01 +01:00
parent 7b58114d65
commit da95434308
22 changed files with 161 additions and 17 deletions
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ locals {
        for name, rule in ruleset : {
          name                 = name
          deny                 = try(rule.deny, false)
-          rules                = try(rule.rules, [{ protocol = "all" }])
+          rules                = try(rule.rules, [{ protocol = "all", ports = null }])
          description          = try(rule.description, null)
          destination_ranges   = try(rule.destination_ranges, null)
          direction            = upper(direction)