Merge remote-tracking branch 'origin/master' into fast-dev

Ludovico Magnocavallo
2025-10-16 09:03:15 +00:00
17 changed files with 179 additions and 82 deletions


@@ -1,6 +1,14 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
test = "8.8.8.8"
}
cidr_ranges_sets = {
rfc1918 = [
"10.0.0.0/8",
"172.16.10.0/12",
"192.168.0.0/24"
]
}
folder_ids = {
test = "folders/1234567890"
@@ -32,7 +40,7 @@ egress_rules = {
priority = 900
target_service_accounts = ["$iam_principals:test"]
match = {
destination_ranges = ["$cidr_ranges:rfc1918-10"]
destination_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
layer4_configs = [{ protocol = "tcp", ports = ["25"] }]
source_tags = ["$tag_values:test"]
}
@@ -45,7 +53,7 @@ ingress_rules = {
target_resources = ["$networks:test"]
target_tags = ["$tag_values:test"]
match = {
source_ranges = ["$cidr_ranges:rfc1918-10"]
source_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
layer4_configs = [{ protocol = "icmp" }]
}
}
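Review bot: The `rfc1918` set added under `cidr_ranges_sets` does not hold the RFC 1918 ranges: `"172.16.10.0/12"` has host bits set (the network address of that prefix is 172.16.0.0) and `"192.168.0.0/24"` covers only one /24 of 192.168.0.0/16. If the odd values are deliberate, perhaps to make the expanded entries easy to spot in the expected plan, say so with a comment such as `# deliberately non-canonical values, not the real RFC 1918 blocks`, or give the set a name like `test-set` so it is not copied as an allow-list. The same fixture block is repeated in the three other tfvars sections on this page, and the values pass unchanged into the expected YAML outputs. The `context` block continues outside the hunk.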


@@ -36,6 +36,10 @@ values:
dest_fqdns: null
dest_ip_ranges:
- 10.0.0.0/8
- 172.16.10.0/12
- 192.168.0.0/24
- 10.0.0.1/32
- 8.8.8.8
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
@@ -78,6 +82,10 @@ values:
src_fqdns: null
src_ip_ranges:
- 10.0.0.0/8
- 172.16.10.0/12
- 192.168.0.0/24
- 10.0.0.1/32
- 8.8.8.8
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null


@@ -1,6 +1,14 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
test = "8.8.8.8"
}
cidr_ranges_sets = {
rfc1918 = [
"10.0.0.0/8",
"172.16.10.0/12",
"192.168.0.0/24"
]
}
folder_ids = {
test = "folders/1234567890"
@@ -30,7 +38,7 @@ egress_rules = {
smtp = {
priority = 900
match = {
destination_ranges = ["$cidr_ranges:rfc1918-10"]
destination_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
layer4_configs = [{ protocol = "tcp", ports = ["25"] }]
}
}
@@ -42,7 +50,7 @@ ingress_rules = {
target_resources = ["$networks:test"]
target_service_accounts = ["$iam_principals:test"]
match = {
source_ranges = ["$cidr_ranges:rfc1918-10"]
source_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
layer4_configs = [{ protocol = "icmp" }]
}
}
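Review bot: The new `destination_ranges` and `source_ranges` lists contain `"10.0.0.0/8"` twice, once through `$cidr_ranges_sets:rfc1918` and once as a literal, while the expected output for this fixture lists it a single time, so the test seems to rely on de-duplication after expansion without saying so. A comment on the list would make that intent visible, for example `# "10.0.0.0/8" is repeated on purpose: expanded sets and literals must be de-duplicated`. `"10.0.0.1/32"` stays in the output although 10.0.0.0/8 contains it, so only exact duplicates appear to be dropped and overlapping entries still reach the rule. The same list is used in the other tfvars sections.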


@@ -33,6 +33,10 @@ values:
dest_fqdns: null
dest_ip_ranges:
- 10.0.0.0/8
- 172.16.10.0/12
- 192.168.0.0/24
- 10.0.0.1/32
- 8.8.8.8
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
@@ -71,6 +75,10 @@ values:
src_fqdns: null
src_ip_ranges:
- 10.0.0.0/8
- 172.16.10.0/12
- 192.168.0.0/24
- 10.0.0.1/32
- 8.8.8.8
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null


@@ -1,6 +1,14 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
test = "8.8.8.8"
}
cidr_ranges_sets = {
rfc1918 = [
"10.0.0.0/8",
"172.16.10.0/12",
"192.168.0.0/24"
]
}
folder_ids = {
test = "folders/1234567890"
@@ -32,7 +40,7 @@ egress_rules = {
priority = 900
target_service_accounts = ["$iam_principals:test"]
match = {
destination_ranges = ["$cidr_ranges:rfc1918-10"]
destination_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
layer4_configs = [{ protocol = "tcp", ports = ["25"] }]
source_tags = ["$tag_values:test"]
}
@@ -45,7 +53,7 @@ ingress_rules = {
target_resources = ["$networks:test"]
target_tags = ["$tag_values:test"]
match = {
source_ranges = ["$cidr_ranges:rfc1918-10"]
source_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
layer4_configs = [{ protocol = "icmp" }]
}
}


@@ -38,6 +38,10 @@ values:
dest_fqdns: null
dest_ip_ranges:
- 10.0.0.0/8
- 172.16.10.0/12
- 192.168.0.0/24
- 10.0.0.1/32
- 8.8.8.8
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
@@ -81,6 +85,10 @@ values:
src_fqdns: null
src_ip_ranges:
- 10.0.0.0/8
- 172.16.10.0/12
- 192.168.0.0/24
- 10.0.0.1/32
- 8.8.8.8
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null


@@ -1,6 +1,14 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
test = "8.8.8.8"
}
cidr_ranges_sets = {
rfc1918 = [
"10.0.0.0/8",
"172.16.10.0/12",
"192.168.0.0/24"
]
}
iam_principals = {
test = "serviceAccount:test@test-project.iam.gserviceaccount.com"
@@ -24,22 +32,20 @@ default_rules_config = {
ssh_ranges = ["$cidr_ranges:rfc1918-10"]
}
egress_rules = {
allow-egress-rfc1918 = {
deny = false
description = "Allow egress."
destination_ranges = [
"$cidr_ranges:rfc1918-10", "172.16.0.0/12", "192.168.0.0/16"
]
source_ranges = ["$cidr_ranges:rfc1918-10"]
egress-test = {
deny = false
description = "Allow egress."
destination_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
source_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
targets = ["$iam_principals:test"]
use_service_accounts = true
}
}
ingress_rules = {
allow-ingress-tag = {
ingress-test = {
description = "Allow ingress."
destination_ranges = ["$cidr_ranges:rfc1918-10"]
source_ranges = ["$cidr_ranges:rfc1918-10"]
destination_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
source_ranges = ["$cidr_ranges_sets:rfc1918", "10.0.0.1/32", "$cidr_ranges:test", "10.0.0.0/8"]
sources = ["$iam_principals:test"]
targets = ["$iam_principals:test"]
use_service_accounts = true
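Review bot: `ingress-test` sets `source_ranges` together with `sources` under `use_service_accounts = true`, and the widened range list now includes `$cidr_ranges:test`, which resolves to the public address 8.8.8.8. On a VPC firewall rule, source ranges and source service accounts are alternatives, so a packet matching either one is allowed; the expected plan shows both set, with `protocol: all`. That is harmless as plan-only test data, but the fixture reads like a usable example, so a comment such as `# test data only: range and service-account sources are ORed, do not reuse as a rule` would help. The replaced egress rule was limited to private ranges, while `egress-test` also lists 8.8.8.8 as a destination. The `ingress-test` block is closed outside the hunk.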


@@ -99,7 +99,7 @@ values:
target_tags:
- ssh
timeouts: null
google_compute_firewall.custom-rules["allow-egress-rfc1918"]:
google_compute_firewall.custom-rules["egress-test"]:
allow:
- ports: []
protocol: all
@@ -107,25 +107,31 @@ values:
description: Allow egress.
destination_ranges:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.1/32
- 172.16.10.0/12
- 192.168.0.0/24
- 8.8.8.8
direction: EGRESS
disabled: false
log_config: []
name: allow-egress-rfc1918
name: egress-test
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
- 10.0.0.1/32
- 172.16.10.0/12
- 192.168.0.0/24
- 8.8.8.8
source_service_accounts: null
source_tags: null
target_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
target_tags: null
timeouts: null
google_compute_firewall.custom-rules["allow-ingress-tag"]:
google_compute_firewall.custom-rules["ingress-test"]:
allow:
- ports: []
protocol: all
@@ -133,16 +139,24 @@ values:
description: Allow ingress.
destination_ranges:
- 10.0.0.0/8
- 10.0.0.1/32
- 172.16.10.0/12
- 192.168.0.0/24
- 8.8.8.8
direction: INGRESS
disabled: false
log_config: []
name: allow-ingress-tag
name: ingress-test
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
- 10.0.0.1/32
- 172.16.10.0/12
- 192.168.0.0/24
- 8.8.8.8
source_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
source_tags: null