From f0ed3841db91697a4ed2796a15a7c748ed11d725 Mon Sep 17 00:00:00 2001
From: Esanim <17294241+Esanim@users.noreply.github.com>
Date: Fri, 1 Mar 2024 12:23:57 +0100
Subject: [PATCH] feat: add network_firewall_policy_enforcement_order network
argument
BREAKING CHANGE: drop support for google provider <5.0
---
README.md | 8 +++++++-
README.tfdoc.hcl | 10 +++++++++-
main.tf | 13 +++++++------
test/unit-complete/_generated_google.tf | 4 ++--
test/unit-complete/main.tf | 19 ++++++++++---------
test/unit-disabled/_generated_google.tf | 4 ++--
test/unit-minimal/_generated_google.tf | 4 ++--
variables.tf | 6 ++++++
versions.tf | 2 +-
versions.tm.hcl | 2 +-
10 files changed, 47 insertions(+), 25 deletions(-)
diff --git a/README.md b/README.md
index a7d5be9..5e22322 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
A [Terraform](https://www.terraform.io) module to create a [Google Network Vpc](https://cloud.google.com/compute/docs/reference/rest/v1/networks) on [Google Cloud Services (GCP)](https://cloud.google.com/).
**_This module supports Terraform version 1
-and is compatible with the Terraform Google Provider version 4._** and 5._**
+and is compatible with the Terraform Google Provider version 5._**
This module is part of our Infrastructure as Code (IaC) framework
that enables our users and customers to easily deploy and manage reusable,
@@ -96,6 +96,12 @@ See [variables.tf] and [examples/] for details and use-cases.
Default is `"1460"`.
+- [**`network_firewall_policy_enforcement_order`**](#var-network_firewall_policy_enforcement_order): *(Optional `string`)*
+
+ Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL.
+
+ Default is `null`.
+
- [**`enable_ula_internal_ipv6`**](#var-enable_ula_internal_ipv6): *(Optional `bool`)*
Enable ULA internal ipv6 on this network. Enabling this feature will assign a `/48` from Google defined ULA prefix `fd20::/20`.
diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
index c03cfcb..9ad0fb5 100644
--- a/README.tfdoc.hcl
+++ b/README.tfdoc.hcl
@@ -40,7 +40,7 @@ section {
A [Terraform](https://www.terraform.io) module to create a [Google Network Vpc](https://cloud.google.com/compute/docs/reference/rest/v1/networks) on [Google Cloud Services (GCP)](https://cloud.google.com/).
**_This module supports Terraform version 1
- and is compatible with the Terraform Google Provider version 4._** and 5._**
+ and is compatible with the Terraform Google Provider version 5._**
This module is part of our Infrastructure as Code (IaC) framework
that enables our users and customers to easily deploy and manage reusable,
@@ -134,6 +134,14 @@ section {
END
}
+ variable "network_firewall_policy_enforcement_order" {
+ type = string
+ default = null
+ description = <<-END
+ Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL.
+ END
+ }
+
variable "enable_ula_internal_ipv6" {
type = bool
default = false
diff --git a/main.tf b/main.tf
index 36984a7..19f986a 100644
--- a/main.tf
+++ b/main.tf
@@ -5,12 +5,13 @@ resource "google_compute_network" "vpc" {
description = var.description
project = var.project
- auto_create_subnetworks = var.auto_create_subnetworks
- routing_mode = var.routing_mode
- mtu = var.mtu
- delete_default_routes_on_create = var.delete_default_routes_on_create
- enable_ula_internal_ipv6 = var.enable_ula_internal_ipv6
- internal_ipv6_range = var.internal_ipv6_range
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ mtu = var.mtu
+ delete_default_routes_on_create = var.delete_default_routes_on_create
+ enable_ula_internal_ipv6 = var.enable_ula_internal_ipv6
+ internal_ipv6_range = var.internal_ipv6_range
+ network_firewall_policy_enforcement_order = var.network_firewall_policy_enforcement_order
depends_on = [var.module_depends_on]
}
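Review bot: The new `network_firewall_policy_enforcement_order` argument at the end of the `google_compute_network.vpc` argument list has no comment, although it decides whether network firewall policies or classic VPC firewall rules are evaluated first for the whole network. A reader of main.tf cannot tell that the `null` default passes no value and leaves the choice to the provider. I would add above it `# null defers to the provider default (AFTER_CLASSIC_FIREWALL per the variable description); changing this alters firewall evaluation order for every workload in the VPC`. The resource block opens outside this hunk, so any lifecycle or ignore rules that affect this argument are not visible here.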
diff --git a/test/unit-complete/_generated_google.tf b/test/unit-complete/_generated_google.tf
index ea22427..07b1033 100644
--- a/test/unit-complete/_generated_google.tf
+++ b/test/unit-complete/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.25, <6"
+ version = ">= 5, <6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.25, <6"
+ version = ">= 5, <6"
}
random = {
source = "hashicorp/random"
diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
index 8dbd367..3b9ea17 100644
--- a/test/unit-complete/main.tf
+++ b/test/unit-complete/main.tf
@@ -1,13 +1,14 @@
module "test" {
source = "../.."
- project = local.project_id
- name = "vpc-unit-complete"
- description = "This is a unit test"
- routing_mode = "GLOBAL"
- delete_default_routes_on_create = true
- auto_create_subnetworks = true
- mtu = 1500
- enable_ula_internal_ipv6 = true
- internal_ipv6_range = "fd20:fff:ffff:ffff:ffff:ffff:ffff:ffff"
+ project = local.project_id
+ name = "vpc-unit-complete"
+ description = "This is a unit test"
+ routing_mode = "GLOBAL"
+ delete_default_routes_on_create = true
+ auto_create_subnetworks = true
+ mtu = 1500
+ enable_ula_internal_ipv6 = true
+ internal_ipv6_range = "fd20:fff:ffff:ffff:ffff:ffff:ffff:ffff"
+ network_firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL"
}
diff --git a/test/unit-disabled/_generated_google.tf b/test/unit-disabled/_generated_google.tf
index 4e56692..fa60408 100644
--- a/test/unit-disabled/_generated_google.tf
+++ b/test/unit-disabled/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.25, <6"
+ version = ">= 5, <6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.25, <6"
+ version = ">= 5, <6"
}
random = {
source = "hashicorp/random"
diff --git a/test/unit-minimal/_generated_google.tf b/test/unit-minimal/_generated_google.tf
index 9579d59..bed3f25 100644
--- a/test/unit-minimal/_generated_google.tf
+++ b/test/unit-minimal/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "4.25"
+ version = "5"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "4.25"
+ version = "5"
}
random = {
source = "hashicorp/random"
diff --git a/variables.tf b/variables.tf
index 997f3d3..7481485 100644
--- a/variables.tf
+++ b/variables.tf
@@ -54,6 +54,12 @@ variable "auto_create_subnetworks" {
default = false
}
+variable "network_firewall_policy_enforcement_order" {
+ description = "(Optional) Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL."
+ type = string
+ default = null
+}
+
variable "mtu" {
description = "(Optional) Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes. Default is '1460'."
type = string
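Review bot: The new `network_firewall_policy_enforcement_order` variable accepts any string, so a typo in a setting that governs firewall evaluation order is rejected only by the provider, if at all, and not at the module boundary. A `validation` block limiting it to `null` or the two documented values would fail early with a clear message. The description also says "Default value is AFTER_CLASSIC_FIREWALL" while the declared default is `null`. Wording such as "When null, the provider default (AFTER_CLASSIC_FIREWALL) applies" would remove the ambiguity, and the same sentence appears in the README.md and README.tfdoc.hcl hunks.

```hcl
variable "network_firewall_policy_enforcement_order" {
  # … unchanged: description, type, default …

  validation {
    condition = var.network_firewall_policy_enforcement_order == null ? true : contains(
      ["BEFORE_CLASSIC_FIREWALL", "AFTER_CLASSIC_FIREWALL"],
      var.network_firewall_policy_enforcement_order
    )
    error_message = "The value must be null, BEFORE_CLASSIC_FIREWALL or AFTER_CLASSIC_FIREWALL."
  }
}
```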
diff --git a/versions.tf b/versions.tf
index d94a2f6..1bb66ca 100644
--- a/versions.tf
+++ b/versions.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.25, <6"
+ version = ">= 5, <6"
}
}
}
diff --git a/versions.tm.hcl b/versions.tm.hcl
index 35918a9..bd9e5f3 100644
--- a/versions.tm.hcl
+++ b/versions.tm.hcl
@@ -2,7 +2,7 @@ globals {
minimum_terraform_version = "1.0"
provider = "google"
- minimum_provider_version = "4.25"
+ minimum_provider_version = "5"
provider_version_constraint = ">= ${global.minimum_provider_version}, <6"
terraform_version_constraint = "~> ${global.minimum_terraform_version}, != 1.1.0, != 1.1.1"