From bfd7648fc466f8462b7b7a3b7a8936823d7889a1 Mon Sep 17 00:00:00 2001
From: Ryan Thompson
Date: Thu, 14 Sep 2023 19:51:21 -0600
Subject: [PATCH] fix: Adds pass-through variables for ipv6
1. ipv6 support was added to the inner VPC module but the capability to pass values from the root module was missing.
2. Updated README to reflect new options.
---
 README.md | 2 ++
 main.tf | 2 ++
 variables.tf | 12 ++++++++++++
 3 files changed, 16 insertions(+)
diff --git a/README.md b/README.md
index 545a4d08..932b3aba 100644
--- a/README.md
+++ b/README.md
@@ -103,8 +103,10 @@ Then perform the following commands on the root folder:
 | delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | `bool` | `false` | no |
 | description | An optional description of this resource. The resource must be recreated to modify this field. | `string` | `""` | no |
 | egress\_rules | List of egress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| enable\_ipv6\_ula | Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false') | `bool` | `false` | no |
 | firewall\_rules | This is DEPRICATED and available for backward compatiblity. Use ingress\_rules and egress\_rules variables. List of firewall rules |
list(object({
name = string
description = optional(string, null)
direction = optional(string, "INGRESS")
priority = optional(number, null)
ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
 | ingress\_rules | List of ingress rules. This will be ignored if variable 'rules' is non-empty |
list(object({
name = string
description = optional(string, null)
priority = optional(number, null)
destination_ranges = optional(list(string), [])
source_ranges = optional(list(string), [])
source_tags = optional(list(string))
source_service_accounts = optional(list(string))
target_tags = optional(list(string))
target_service_accounts = optional(list(string))

allow = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
deny = optional(list(object({
protocol = string
ports = optional(list(string))
})), [])
log_config = optional(object({
metadata = string
}))
}))
| `[]` | no |
+| internal\_ipv6\_range | When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) | `string` | `null` | no |
 | mtu | The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | `number` | `0` | no |
 | network\_firewall\_policy\_enforcement\_order | Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. (default null or equivalent to `AFTER_CLASSIC_FIREWALL`) | `string` | `null` | no |
 | network\_name | The name of the network being created | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 785b1889..e52852f0 100644
--- a/main.tf
+++ b/main.tf
@@ -27,6 +27,8 @@ module "vpc" {
 shared_vpc_host = var.shared_vpc_host
 delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
 mtu = var.mtu
+ enable_ipv6_ula = var.enable_ipv6_ula
+ internal_ipv6_range = var.internal_ipv6_range
 network_firewall_policy_enforcement_order = var.network_firewall_policy_enforcement_order
 }
diff --git a/variables.tf b/variables.tf
index 2e42414e..0514e636 100644
--- a/variables.tf
+++ b/variables.tf
@@ -179,6 +179,18 @@ variable "egress_rules" {
 }))
 }
+variable "enable_ipv6_ula" {
+ type = bool
+ description = "Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false')"
+ default = false
+}
+
+variable "internal_ipv6_range" {
+ type = string
+ default = null
+ description = "When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null)"
+}
+
 variable "network_firewall_policy_enforcement_order" {
 type = string
 default = null
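Review bot: In the main.tf hunk, `internal_ipv6_range` is forwarded to the inner module unconditionally, so a caller can supply a range while `enable_ipv6_ula` stays `false`; how the inner module treats that combination is not visible here. Consider gating it at the call site, `internal_ipv6_range = var.enable_ipv6_ula ? var.internal_ipv6_range : null`, or rejecting the combination explicitly so an unused range does not go unnoticed. Since the variable description calls enabling ULA irreversible, a comment above the two new arguments such as `# enable_ipv6_ula cannot be reverted once applied; check that firewall rules cover IPv6 ranges first` would help, because rules written with IPv4-only ranges do not match IPv6 traffic. The `module "vpc"` block begins outside this hunk.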
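Review bot: In the variables.tf hunk, `internal_ipv6_range` accepts any string even though its description restricts it to a /48 inside fd20::/20, so a malformed or out-of-range value is only rejected at apply time by the provider, if at all. A `validation` block on the variable would fail at plan time instead; the sketch below is a coarse check (parses as a CIDR, starts with `fd20:`, ends in `/48`) and does not prove full membership in the /20. Separately, the `enable_ipv6_ula` description misspells "permanent", and the two new variables order `description` and `default` differently from each other; picking one order would keep the file consistent.

```hcl
variable "internal_ipv6_range" {
  # … unchanged: type, default, description …

  validation {
    condition = var.internal_ipv6_range == null || (
      can(cidrhost(var.internal_ipv6_range, 0)) &&
      can(regex("(?i)^fd20:.*/48$", var.internal_ipv6_range))
    )
    error_message = "The internal_ipv6_range value must be null or a /48 CIDR within fd20::/20."
  }
}
```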