Open d-costa opened 11 months ago
I tested this out with source tags as well; we need to manually edit the firewall rule after it's created to change the source filter.
We're using CDKTF, but it's still TF under the hood; our code looks like:
```go
package main

import (
	"github.com/aws/jsii-runtime-go"
	// Prebuilt google provider package for compute_firewall; the module major
	// version in this path is an assumption, use the one pinned in your go.mod.
	cf "github.com/cdktf/cdktf-provider-google-go/google/v13/computefirewall"
	"github.com/hashicorp/terraform-cdk-go/cdktf"
)

// ComputeFirewallRule is one allow block (protocol plus optional port list).
type ComputeFirewallRule struct {
	Protocol string
	Ports    []string
}

// ComputeFirewall is the provider-agnostic description of a firewall rule
// that CreateComputeFirewall translates into a google_compute_firewall resource.
type ComputeFirewall struct {
	Name         string
	Network      string
	Allow        []ComputeFirewallRule
	SourceTags   []string
	TargetTags   []string
	SourceRanges []string
	Priority     int
	Direction    string
}

const GCPFIREWALLINGRESS = "INGRESS"
const GCPFIREWALLEGRESS = "EGRESS"

// CreateComputeFirewall adds a google_compute_firewall resource to the stack.
// Source/target filters are only set when non-empty, so a rule that relies on
// source tags deliberately leaves source_ranges unset.
func CreateComputeFirewall(s cdktf.TerraformStack, f ComputeFirewall, projectId *string) {
	// The generated provider bindings take the allow blocks as a slice of
	// pointers to cf.ComputeFirewallAllow (the original used an unqualified type name).
	var allow []*cf.ComputeFirewallAllow
	for _, r := range f.Allow {
		allow = append(allow, &cf.ComputeFirewallAllow{
			Protocol: jsii.String(r.Protocol),
			Ports:    jsii.Strings(r.Ports...),
		})
	}
	computeFirewallconfig := &cf.ComputeFirewallConfig{
		Name:    &f.Name,
		Network: &f.Network,
		Allow:   allow,
		Project: projectId,
	}
	if len(f.SourceRanges) > 0 {
		computeFirewallconfig.SourceRanges = jsii.Strings(f.SourceRanges...)
	}
	if len(f.TargetTags) > 0 {
		computeFirewallconfig.TargetTags = jsii.Strings(f.TargetTags...)
	}
	if len(f.SourceTags) > 0 {
		computeFirewallconfig.SourceTags = jsii.Strings(f.SourceTags...)
	}
	cf.NewComputeFirewall(s, &f.Name, computeFirewallconfig)
}
```
Even on a brand-new firewall rule, it sets the source_ranges to 0.0.0.0/0.
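Because GCP applies sourceRanges and sourceTags as a union, a rule that was meant to match only tagged sources but ends up with 0.0.0.0/0 in source_ranges is open to the whole Internet. The following added example (not from the issue or the provider) is a post-apply check over the JSON that `gcloud compute firewall-rules list --format=json` produces; the rule names and ranges in it are constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the fields present in `gcloud compute firewall-rules list --format=json`.
type firewallRule struct {
	Name         string   `json:"name"`
	Direction    string   `json:"direction"`
	SourceRanges []string `json:"sourceRanges"`
	SourceTags   []string `json:"sourceTags"`
}

// Constructed sample: the first rule shows the drift described in this issue,
// source tags requested but 0.0.0.0/0 present in sourceRanges as well.
const sampleRules = `[
 {"name":"allow-web-from-lb","direction":"INGRESS","sourceTags":["lb"],"sourceRanges":["0.0.0.0/0"]},
 {"name":"allow-ssh-from-bastion","direction":"INGRESS","sourceRanges":["10.0.1.0/24"]},
 {"name":"allow-egress-dns","direction":"EGRESS","sourceRanges":["0.0.0.0/0"]}
]`

// FindOverlyOpenTagRules returns the names of INGRESS rules that carry source
// tags yet also admit any address via a catch-all source range. Such a rule's
// tag filter is effectively bypassed and should be corrected.
func FindOverlyOpenTagRules(rulesJSON string) ([]string, error) {
	var rules []firewallRule
	if err := json.Unmarshal([]byte(rulesJSON), &rules); err != nil {
		return nil, err
	}
	var flagged []string
	for _, r := range rules {
		if r.Direction != "INGRESS" || len(r.SourceTags) == 0 {
			continue
		}
		for _, cidr := range r.SourceRanges {
			if cidr == "0.0.0.0/0" || cidr == "::/0" {
				flagged = append(flagged, r.Name)
				break
			}
		}
	}
	return flagged, nil
}

func main() {
	flagged, _ := FindOverlyOpenTagRules(sampleRules)
	fmt.Println("tag-filtered rules that also allow any source:", flagged)
}
```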
Terraform Version
Affected Resource(s)
Terraform Configuration Files
First configuration:
Second configuration:
Debug Output
Panic Output
Expected Behavior
Actual Behavior
Steps to Reproduce
1. terraform apply the first config
2. terraform apply the second config
Important Factoids
source_ranges = [] produces the same results.
References
b/304967568