Add options to use service accounts and ip ranges in addition to tags

terraform-google-modules · Jan 20, 2020 · 8d596a3 · 8d596a3
1 parent 3525085
commit 8d596a3
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 4 deletions.
diff --git a/main.tf b/main.tf
@@ -107,8 +107,11 @@ resource "google_compute_firewall" "default-ilb-fw" {
     ports    = var.ports
   }
 
-  source_tags = var.source_tags
-  target_tags = var.target_tags
+  source_ranges           = var.source_ip_ranges
+  source_tags             = var.source_tags
+  source_service_accounts = var.source_service_accounts
+  target_tags             = var.target_tags
+  target_service_accounts = var.target_service_accounts
 }
 
 resource "google_compute_firewall" "default-hc" {
@@ -121,7 +124,8 @@ resource "google_compute_firewall" "default-hc" {
     ports    = [var.health_check["port"]]
   }
 
-  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
-  target_tags   = var.target_tags
+  source_ranges           = ["130.211.0.0/22", "35.191.0.0/16"]
+  target_tags             = var.target_tags
+  target_service_accounts = var.target_service_accounts
 }
 
diff --git a/variables.tf b/variables.tf
@@ -86,6 +86,24 @@ variable "target_tags" {
   type        = list(string)
 }
 
+variable "source_ip_ranges" {
+  description = "List of source ip ranges for traffic between the internal load balancer."
+  type        = list(string)
+  default     = null
+}
+
+variable "source_service_accounts" {
+  description = "List of source service accounts for traffic between the internal load balancer."
+  type        = list(string)
+  default     = null
+}
+
+variable "target_service_accounts" {
+  description = "List of target service accounts for traffic between the internal load balancer."
+  type        = list(string)
+  default     = null
+}
+
 variable "ip_address" {
   description = "IP address of the internal load balancer, if empty one will be assigned. Default is empty."
   default     = null