Skip to content

Commit

Permalink
[#13369] Format google_compute_network_firewall_policy_rule doc examp…
Browse files Browse the repository at this point in the history 
…les (GoogleCloudPlatform#7067)

Co-authored-by: Luca Prete <lucaprete@google.com>
  • Loading branch information
@LucaPrete @kimihrr
2 people authored and kimihrr committed Jan 3, 2023
1 parent dc3d273 commit a1f2608
Show file tree
Hide file tree
Showing 4 changed files with 135 additions and 117 deletions.
62 changes: 33 additions & 29 deletions tpgtools/overrides/compute/samples/networkfirewallpolicyrule/global.tf.tmpl
View file
Original file line number Diff line number Diff line change
@@ -1,45 +1,49 @@
resource "google_compute_network_firewall_policy" "basic_network_firewall_policy" {
name = "{{policy}}"
project = "{{project}}"
name = "{{policy}}"
description = "Sample global network firewall policy"
project = "{{project}}"
}

resource "google_compute_network_firewall_policy_rule" "primary" {
firewall_policy = google_compute_network_firewall_policy.basic_network_firewall_policy.name
action = "allow"
direction = "INGRESS"
priority = 1000
rule_name = "test-rule"
description = "This is a simple rule description"
match {
src_secure_tags {
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
src_ip_ranges = ["10.100.0.1/32"]
layer4_configs {
ip_protocol = "all"
}
}
target_service_accounts = ["{{test_service_account}}"]
enable_logging = true
disabled = false
action = "allow"
description = "This is a simple rule description"
direction = "INGRESS"
disabled = false
enable_logging = true
firewall_policy = google_compute_network_firewall_policy.basic_network_firewall_policy.name
priority = 1000
rule_name = "test-rule"
target_service_accounts = ["{{test_service_account}}"]

match {
src_ip_ranges = ["10.100.0.1/32"]

src_secure_tags {
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}

layer4_configs {
ip_protocol = "all"
}
}
}

resource "google_compute_network" "basic_network" {
name = "{{network}}"
}

resource "google_tags_tag_key" "basic_key" {
parent = "organizations/{{org_id}}"
short_name = "{{tagkey}}"
purpose = "GCE_FIREWALL"
description = "For keyname resources."
parent = "organizations/{{org_id}}"
purpose = "GCE_FIREWALL"
short_name = "{{tagkey}}"
purpose_data = {
network= "{{project}}/${google_compute_network.basic_network.name}"
network = "{{project}}/${google_compute_network.basic_network.name}"
}
description = "For keyname resources."
}


resource "google_tags_tag_value" "basic_value" {
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
description = "For valuename resources."
description = "For valuename resources."
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
}
60 changes: 33 additions & 27 deletions tpgtools/overrides/compute/samples/networkfirewallpolicyrule/global_update.tf.tmpl
View file
Original file line number Diff line number Diff line change
@@ -1,45 +1,51 @@
resource "google_compute_network_firewall_policy" "basic_network_firewall_policy" {
name = "{{policy}}"
project = "{{project}}"
name = "{{policy}}"
description = "Sample global network firewall policy"
project = "{{project}}"
}

resource "google_compute_network_firewall_policy_rule" "primary" {
firewall_policy = google_compute_network_firewall_policy.basic_network_firewall_policy.name
action = "deny"
direction = "EGRESS"
priority = 1000
rule_name = "updated-test-rule"
description = "This is an updated rule description"
match {
layer4_configs {
ip_protocol = "tcp"
ports = ["123"]
}
dest_ip_ranges = ["0.0.0.0/0"]
}
action = "deny"
description = "This is an updated rule description"
direction = "EGRESS"
disabled = true
enable_logging = false
firewall_policy = google_compute_network_firewall_policy.basic_network_firewall_policy.name
priority = 1000
rule_name = "updated-test-rule"

match {
dest_ip_ranges = ["0.0.0.0/0"]

layer4_configs {
ip_protocol = "tcp"
ports = ["123"]
}
}

target_secure_tags {
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
enable_logging = false
disabled = true
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
}

resource "google_compute_network" "basic_network" {
name = "{{network}}"
}

resource "google_tags_tag_key" "basic_key" {
parent = "organizations/{{org_id}}"
short_name = "{{tagkey}}"
purpose = "GCE_FIREWALL"
description = "For keyname resources."
parent = "organizations/{{org_id}}"
purpose = "GCE_FIREWALL"
short_name = "{{tagkey}}"

purpose_data = {
network= "{{project}}/${google_compute_network.basic_network.name}"
network = "{{project}}/${google_compute_network.basic_network.name}"
}
description = "For keyname resources."
}


resource "google_tags_tag_value" "basic_value" {
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
description = "For valuename resources."
description = "For valuename resources."
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
}
66 changes: 35 additions & 31 deletions tpgtools/overrides/compute/samples/networkfirewallpolicyrule/regional.tf.tmpl
View file
Original file line number Diff line number Diff line change
@@ -1,48 +1,52 @@
resource "google_compute_region_network_firewall_policy" "basic_regional_network_firewall_policy" {
name = "{{policy}}"
project = "{{project}}"
name = "{{policy}}"
description = "Sample regional network firewall policy"
region = "{{region}}"
project = "{{project}}"
region = "{{region}}"
}

resource "google_compute_region_network_firewall_policy_rule" "primary" {
firewall_policy = google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name
action = "allow"
direction = "INGRESS"
priority = 1000
rule_name = "test-rule"
description = "This is a simple rule description"
match {
src_secure_tags {
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
src_ip_ranges = ["10.100.0.1/32"]
layer4_configs {
ip_protocol = "all"
}
}
target_service_accounts = ["{{test_service_account}}"]
region = "{{region}}"
enable_logging = true
disabled = false
action = "allow"
description = "This is a simple rule description"
direction = "INGRESS"
disabled = false
enable_logging = true
firewall_policy = google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name
priority = 1000
region = "{{region}}"
rule_name = "test-rule"
target_service_accounts = ["{{test_service_account}}"]

match {
src_ip_ranges = ["10.100.0.1/32"]

layer4_configs {
ip_protocol = "all"
}

src_secure_tags {
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
}
}

resource "google_compute_network" "basic_network" {
name = "{{network}}"
}

resource "google_tags_tag_key" "basic_key" {
parent = "organizations/{{org_id}}"
short_name = "{{tagkey}}"
purpose = "GCE_FIREWALL"
description = "For keyname resources."
parent = "organizations/{{org_id}}"
purpose = "GCE_FIREWALL"
short_name = "{{tagkey}}"

purpose_data = {
network= "{{project}}/${google_compute_network.basic_network.name}"
network = "{{project}}/${google_compute_network.basic_network.name}"
}
description = "For keyname resources."
}


resource "google_tags_tag_value" "basic_value" {
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
description = "For valuename resources."
description = "For valuename resources."
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
}
64 changes: 34 additions & 30 deletions tpgtools/overrides/compute/samples/networkfirewallpolicyrule/regional_update.tf.tmpl
View file
Original file line number Diff line number Diff line change
@@ -1,48 +1,52 @@
resource "google_compute_region_network_firewall_policy" "basic_regional_network_firewall_policy" {
name = "{{policy}}"
project = "{{project}}"
name = "{{policy}}"
description = "Sample regional network firewall policy"
region = "{{region}}"
project = "{{project}}"
region = "{{region}}"
}

resource "google_compute_region_network_firewall_policy_rule" "primary" {
firewall_policy = google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name
action = "deny"
direction = "EGRESS"
priority = 1000
rule_name = "updated-test-rule"
description = "This is an updated rule description"
match {
layer4_configs {
ip_protocol = "tcp"
ports = ["123"]
}
dest_ip_ranges = ["0.0.0.0/0"]
}
action = "deny"
description = "This is an updated rule description"
direction = "EGRESS"
disabled = true
enable_logging = false
firewall_policy = google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name
priority = 1000
region = "{{region}}"
rule_name = "updated-test-rule"

match {
dest_ip_ranges = ["0.0.0.0/0"]

layer4_configs {
ip_protocol = "tcp"
ports = ["123"]
}
}

target_secure_tags {
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
region = "{{region}}"
enable_logging = false
disabled = true
name = "tagValues/${google_tags_tag_value.basic_value.name}"
}
}

resource "google_compute_network" "basic_network" {
name = "{{network}}"
}

resource "google_tags_tag_key" "basic_key" {
parent = "organizations/{{org_id}}"
short_name = "{{tagkey}}"
purpose = "GCE_FIREWALL"
description = "For keyname resources."
parent = "organizations/{{org_id}}"
purpose = "GCE_FIREWALL"
short_name = "{{tagkey}}"

purpose_data = {
network= "{{project}}/${google_compute_network.basic_network.name}"
network = "{{project}}/${google_compute_network.basic_network.name}"
}
description = "For keyname resources."
}


resource "google_tags_tag_value" "basic_value" {
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
description = "For valuename resources."
description = "For valuename resources."
parent = "tagKeys/${google_tags_tag_key.basic_key.name}"
short_name = "{{tagvalue}}"
}

0 comments on commit a1f2608

Please sign in to comment.