hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Allow managing the complete firewall state for a VPC #3140

Open marcus-kempe opened 5 years ago

marcus-kempe commented 5 years ago

Description

In much the same way as it is possible to have complete control over all IAM bindings within an organization (google_organization_iam_binding vs google_organization_iam_policy), it would be great to have a resource that represents all firewall rules within a VPC.

Now, unfortunately, the current resource that is used to represent firewall rules is kind of incorrectly named google_compute_firewall. It should likely have been called google_compute_firewall_rule instead (analogous to google_app_engine_firewall_rule). If it were, it would have made sense to have an aggregation resource called google_compute_firewall that instead maintains the state of all rules within a VPC's firewall, which is also analogous to the naming convention in cloud console.

I realize that it is likely hard to change the name of the current resource, but it would be great if there was another good solution to the same problem (I'm a little at a loss thinking of another resource name that would work instead).

My use case for this is primarily to make certain that there is no configuration drift between the repository and the actual firewall, which can then be monitored for compliance reasons.

New or Affected Resource(s)

b/356665445

rileykarson commented 1 year ago

Note: This request is for a plural firewall resource i.e. google_compute_firewalls
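
The drift check described in the issue's use case can be approximated outside Terraform today. The following is an added example, not code from the issue or the provider: it compares the `google_compute_firewall` resources in `terraform show -json` output with the rules returned by `gcloud compute firewall-rules list --format=json` for one VPC. Both inputs are constructed samples, and the function names and the `prod-vpc` network are assumptions.

```python
import json

# Constructed sample shaped like trimmed `terraform show -json` output.
TF_STATE = json.loads("""{"values": {"root_module": {
  "resources": [{"type": "google_compute_firewall", "values": {"name": "allow-ssh",
    "network": "projects/demo/global/networks/prod-vpc", "source_ranges": ["10.0.0.0/8"]}}],
  "child_modules": [{"resources": [{"type": "google_compute_firewall", "values": {
    "name": "allow-https", "network": "prod-vpc", "source_ranges": ["0.0.0.0/0"]}}]}]
}}}""")

# Constructed sample shaped like trimmed
# `gcloud compute firewall-rules list --format=json` output.
LIVE = json.loads("""[
 {"name": "allow-ssh", "sourceRanges": ["0.0.0.0/0"],
  "network": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/prod-vpc"},
 {"name": "temp-debug-rdp", "sourceRanges": ["0.0.0.0/0"],
  "network": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/prod-vpc"},
 {"name": "dev-allow-all", "sourceRanges": ["0.0.0.0/0"],
  "network": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/dev-vpc"}
]""")

def _net(value):
    """Reduce a network self link, partial path or bare name to the VPC name."""
    return value.rsplit("/", 1)[-1]

def declared_rules(module, network):
    """Walk root and child modules; map rule name -> source ranges for one VPC."""
    found = {}
    for res in module.get("resources", []):
        vals = res.get("values", {})
        if res.get("type") == "google_compute_firewall" and _net(vals.get("network", "")) == network:
            found[vals["name"]] = set(vals.get("source_ranges") or [])
    for child in module.get("child_modules", []):
        found.update(declared_rules(child, network))
    return found

def firewall_drift(state, live, network):
    """Report rules that exist only live, only in state, or differ in source ranges."""
    declared = declared_rules(state["values"]["root_module"], network)
    actual = {r["name"]: set(r.get("sourceRanges") or [])
              for r in live if _net(r.get("network", "")) == network}
    return {
        "unmanaged": sorted(actual.keys() - declared.keys()),
        "missing": sorted(declared.keys() - actual.keys()),
        "changed": sorted(n for n in declared.keys() & actual.keys()
                          if declared[n] != actual[n]),
    }

if __name__ == "__main__":
    print(json.dumps(firewall_drift(TF_STATE, LIVE, "prod-vpc"), indent=2))
```

The `unmanaged` list is the part a per-rule resource cannot express: rules created outside the repository never appear in a plan, so they have to be found by listing the VPC.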