Add support for context to net-cloudnat, net-firewall-policy modules (#3414)
* net-cloudnat * net firewall policy
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
9c61b1c30c
commit
ecdc248f3f
@@ -189,21 +189,22 @@ module "nat" {
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L107) | Name of the Cloud NAT resource. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L112) | Project where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L117) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L121) | Name of the Cloud NAT resource. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L126) | Project where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L131) | Region where resources will be created. | <code>string</code> | ✓ | |
|
||||
| [addresses](variables.tf#L17) | Optional list of external address self links. | <code>list(string)</code> | | <code>[]</code> |
|
||||
| [config_port_allocation](variables.tf#L23) | Configuration for how to assign ports to virtual machines. min_ports_per_vm and max_ports_per_vm have no effect unless enable_dynamic_port_allocation is set to 'true'. | <code title="object({ enable_endpoint_independent_mapping = optional(bool, true) enable_dynamic_port_allocation = optional(bool, false) min_ports_per_vm = optional(number) max_ports_per_vm = optional(number, 65536) })">object({…})</code> | | <code>{}</code> |
|
||||
| [config_source_subnetworks](variables.tf#L39) | Subnetwork configuration. | <code title="object({ all = optional(bool, true) primary_ranges_only = optional(bool) subnetworks = optional(list(object({ self_link = string all_ranges = optional(bool, true) primary_range = optional(bool, false) secondary_ranges = optional(list(string)) })), []) })">object({…})</code> | | <code>{}</code> |
|
||||
| [config_timeouts](variables.tf#L69) | Timeout configurations. | <code title="object({ icmp = optional(number) tcp_established = optional(number) tcp_time_wait = optional(number) tcp_transitory = optional(number) udp = optional(number) })">object({…})</code> | | <code>{}</code> |
|
||||
| [endpoint_types](variables.tf#L82) | Specifies the endpoint Types supported by the NAT Gateway. Supported values include: ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, ENDPOINT_TYPE_MANAGED_PROXY_LB. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [logging_filter](variables.tf#L101) | Enables logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>null</code> |
|
||||
| [router_asn](variables.tf#L122) | Router ASN used for auto-created router. | <code>number</code> | | <code>null</code> |
|
||||
| [router_create](variables.tf#L128) | Create router. | <code>bool</code> | | <code>true</code> |
|
||||
| [router_name](variables.tf#L134) | Router name, leave blank if router will be created to use auto generated name. | <code>string</code> | | <code>null</code> |
|
||||
| [router_network](variables.tf#L140) | Name of the VPC used for auto-created router. | <code>string</code> | | <code>null</code> |
|
||||
| [rules](variables.tf#L146) | List of rules associated with this NAT. | <code title="list(object({ description = optional(string) match = string source_ips = optional(list(string)) source_ranges = optional(list(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [type](variables.tf#L166) | Whether this Cloud NAT is used for public or private IP translation. One of 'PUBLIC' or 'PRIVATE'. | <code>string</code> | | <code>"PUBLIC"</code> |
|
||||
| [config_port_allocation](variables.tf#L24) | Configuration for how to assign ports to virtual machines. min_ports_per_vm and max_ports_per_vm have no effect unless enable_dynamic_port_allocation is set to 'true'. | <code title="object({ enable_endpoint_independent_mapping = optional(bool, true) enable_dynamic_port_allocation = optional(bool, false) min_ports_per_vm = optional(number) max_ports_per_vm = optional(number, 65536) })">object({…})</code> | | <code>{}</code> |
|
||||
| [config_source_subnetworks](variables.tf#L40) | Subnetwork configuration. | <code title="object({ all = optional(bool, true) primary_ranges_only = optional(bool) subnetworks = optional(list(object({ self_link = string all_ranges = optional(bool, true) primary_range = optional(bool, false) secondary_ranges = optional(list(string)) })), []) })">object({…})</code> | | <code>{}</code> |
|
||||
| [config_timeouts](variables.tf#L70) | Timeout configurations. | <code title="object({ icmp = optional(number) tcp_established = optional(number) tcp_time_wait = optional(number) tcp_transitory = optional(number) udp = optional(number) })">object({…})</code> | | <code>{}</code> |
|
||||
| [context](variables.tf#L83) | Context-specific interpolations. | <code title="object({ addresses = optional(map(string), {}) locations = optional(map(string), {}) networks = optional(map(string), {}) project_ids = optional(map(string), {}) subnets = optional(map(string), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [endpoint_types](variables.tf#L96) | Specifies the endpoint Types supported by the NAT Gateway. Supported values include: ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, ENDPOINT_TYPE_MANAGED_PROXY_LB. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [logging_filter](variables.tf#L115) | Enables logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | <code>string</code> | | <code>null</code> |
|
||||
| [router_asn](variables.tf#L136) | Router ASN used for auto-created router. | <code>number</code> | | <code>null</code> |
|
||||
| [router_create](variables.tf#L142) | Create router. | <code>bool</code> | | <code>true</code> |
|
||||
| [router_name](variables.tf#L148) | Router name, leave blank if router will be created to use auto generated name. | <code>string</code> | | <code>null</code> |
|
||||
| [router_network](variables.tf#L154) | Name of the VPC used for auto-created router. | <code>string</code> | | <code>null</code> |
|
||||
| [rules](variables.tf#L160) | List of rules associated with this NAT. | <code title="list(object({ description = optional(string) match = string source_ips = optional(list(string)) source_ranges = optional(list(string)) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||
| [type](variables.tf#L180) | Whether this Cloud NAT is used for public or private IP translation. One of 'PUBLIC' or 'PRIVATE'. | <code>string</code> | | <code>"PUBLIC"</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -15,11 +15,19 @@
|
||||
*/
|
||||
|
||||
locals {
|
||||
ctx = {
|
||||
for k, v in var.context : k => {
|
||||
for kk, vv in v : "${local.ctx_p}${k}:${kk}" => vv
|
||||
}
|
||||
}
|
||||
ctx_p = "$"
|
||||
router_name = (
|
||||
var.router_create
|
||||
? try(google_compute_router.router[0].name, null)
|
||||
: var.router_name
|
||||
)
|
||||
project_id = lookup(local.ctx.project_ids, var.project_id, var.project_id)
|
||||
region = lookup(local.ctx.locations, var.region, var.region)
|
||||
subnet_config = (
|
||||
var.config_source_subnetworks.all != true
|
||||
? "LIST_OF_SUBNETWORKS"
|
||||
@@ -34,10 +42,9 @@ locals {
|
||||
resource "google_compute_router" "router" {
|
||||
count = var.router_create ? 1 : 0
|
||||
name = var.router_name == null ? "${var.name}-nat" : var.router_name
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
network = var.router_network
|
||||
|
||||
project = local.project_id
|
||||
region = local.region
|
||||
network = lookup(local.ctx.networks, var.router_network, var.router_network)
|
||||
dynamic "bgp" {
|
||||
for_each = var.router_asn == null ? [] : [1]
|
||||
content {
|
||||
@@ -48,13 +55,15 @@ resource "google_compute_router" "router" {
|
||||
|
||||
resource "google_compute_router_nat" "nat" {
|
||||
provider = google-beta
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
project = local.project_id
|
||||
region = local.region
|
||||
name = var.name
|
||||
endpoint_types = var.endpoint_types
|
||||
type = var.type
|
||||
router = local.router_name
|
||||
nat_ips = var.addresses
|
||||
nat_ips = [
|
||||
for a in var.addresses : lookup(local.ctx.addresses, a, a)
|
||||
]
|
||||
nat_ip_allocate_option = (
|
||||
var.type == "PRIVATE"
|
||||
? null
|
||||
@@ -64,30 +73,28 @@ resource "google_compute_router_nat" "nat" {
|
||||
: "AUTO_ONLY"
|
||||
)
|
||||
)
|
||||
source_subnetwork_ip_ranges_to_nat = local.subnet_config
|
||||
icmp_idle_timeout_sec = var.config_timeouts.icmp
|
||||
udp_idle_timeout_sec = var.config_timeouts.udp
|
||||
source_subnetwork_ip_ranges_to_nat = local.subnet_config
|
||||
tcp_established_idle_timeout_sec = var.config_timeouts.tcp_established
|
||||
tcp_time_wait_timeout_sec = var.config_timeouts.tcp_time_wait
|
||||
tcp_transitory_idle_timeout_sec = var.config_timeouts.tcp_transitory
|
||||
udp_idle_timeout_sec = var.config_timeouts.udp
|
||||
enable_endpoint_independent_mapping = (
|
||||
var.config_port_allocation.enable_endpoint_independent_mapping
|
||||
)
|
||||
enable_dynamic_port_allocation = (
|
||||
var.config_port_allocation.enable_dynamic_port_allocation
|
||||
)
|
||||
log_config {
|
||||
enable = var.logging_filter == null ? false : true
|
||||
filter = var.logging_filter == null ? "ALL" : var.logging_filter
|
||||
}
|
||||
min_ports_per_vm = (
|
||||
var.config_port_allocation.min_ports_per_vm
|
||||
)
|
||||
max_ports_per_vm = (
|
||||
var.config_port_allocation.max_ports_per_vm
|
||||
)
|
||||
|
||||
log_config {
|
||||
enable = var.logging_filter == null ? false : true
|
||||
filter = var.logging_filter == null ? "ALL" : var.logging_filter
|
||||
}
|
||||
|
||||
dynamic "subnetwork" {
|
||||
for_each = toset(
|
||||
local.subnet_config == "LIST_OF_SUBNETWORKS"
|
||||
@@ -95,7 +102,9 @@ resource "google_compute_router_nat" "nat" {
|
||||
: []
|
||||
)
|
||||
content {
|
||||
name = subnetwork.value.self_link
|
||||
name = lookup(
|
||||
local.ctx.subnets, subnetwork.value.self_link, subnetwork.value.self_link
|
||||
)
|
||||
source_ip_ranges_to_nat = (
|
||||
subnetwork.value.all_ranges == true
|
||||
? ["ALL_IP_RANGES"]
|
||||
@@ -120,7 +129,6 @@ resource "google_compute_router_nat" "nat" {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "rules" {
|
||||
for_each = { for i, r in var.rules : i => r }
|
||||
content {
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
variable "addresses" {
|
||||
description = "Optional list of external address self links."
|
||||
type = list(string)
|
||||
nullable = false
|
||||
default = []
|
||||
}
|
||||
|
||||
@@ -79,6 +80,19 @@ variable "config_timeouts" {
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "context" {
|
||||
description = "Context-specific interpolations."
|
||||
type = object({
|
||||
addresses = optional(map(string), {})
|
||||
locations = optional(map(string), {})
|
||||
networks = optional(map(string), {})
|
||||
project_ids = optional(map(string), {})
|
||||
subnets = optional(map(string), {})
|
||||
})
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "endpoint_types" {
|
||||
description = "Specifies the endpoint Types supported by the NAT Gateway. Supported values include: ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, ENDPOINT_TYPE_MANAGED_PROXY_LB."
|
||||
type = list(string)
|
||||
|
||||
Reference in New Issue
Block a user