Merge pull request #22 from mineiros-io/lukas/updade-network-properties

feat: add network_firewall_policy_enforcement_order network argument
mineiros-io · Mar 1, 2024 · af54a40 · af54a40
2 parents 6e49cfa + f0ed384
commit af54a40
Show file tree

Hide file tree

Showing 10 changed files with 47 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@
 A [Terraform](https://www.terraform.io) module to create a [Google Network Vpc](https://cloud.google.com/compute/docs/reference/rest/v1/networks) on [Google Cloud Services (GCP)](https://cloud.google.com/).
 
 **_This module supports Terraform version 1
-and is compatible with the Terraform Google Provider version 4._** and 5._**
+and is compatible with the Terraform Google Provider version 5._**
 
 This module is part of our Infrastructure as Code (IaC) framework
 that enables our users and customers to easily deploy and manage reusable,
@@ -96,6 +96,12 @@ See [variables.tf] and [examples/] for details and use-cases.
 
   Default is `"1460"`.
 
+- [**`network_firewall_policy_enforcement_order`**](#var-network_firewall_policy_enforcement_order): *(Optional `string`)*<a name="var-network_firewall_policy_enforcement_order"></a>
+
+  Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL.
+
+  Default is `null`.
+
 - [**`enable_ula_internal_ipv6`**](#var-enable_ula_internal_ipv6): *(Optional `bool`)*<a name="var-enable_ula_internal_ipv6"></a>
 
   Enable ULA internal ipv6 on this network. Enabling this feature will assign a `/48` from Google defined ULA prefix `fd20::/20`.

diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
@@ -40,7 +40,7 @@ section {
     A [Terraform](https://www.terraform.io) module to create a [Google Network Vpc](https://cloud.google.com/compute/docs/reference/rest/v1/networks) on [Google Cloud Services (GCP)](https://cloud.google.com/).
 
     **_This module supports Terraform version 1
-    and is compatible with the Terraform Google Provider version 4._** and 5._**
+    and is compatible with the Terraform Google Provider version 5._**
 
     This module is part of our Infrastructure as Code (IaC) framework
     that enables our users and customers to easily deploy and manage reusable,
@@ -134,6 +134,14 @@ section {
           END
         }
 
+        variable "network_firewall_policy_enforcement_order" {
+          type        = string
+          default     = null
+          description = <<-END
+            Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL.
+          END
+        }
+
         variable "enable_ula_internal_ipv6" {
           type        = bool
           default     = false

diff --git a/main.tf b/main.tf
@@ -5,12 +5,13 @@ resource "google_compute_network" "vpc" {
   description = var.description
   project     = var.project
 
-  auto_create_subnetworks         = var.auto_create_subnetworks
-  routing_mode                    = var.routing_mode
-  mtu                             = var.mtu
-  delete_default_routes_on_create = var.delete_default_routes_on_create
-  enable_ula_internal_ipv6        = var.enable_ula_internal_ipv6
-  internal_ipv6_range             = var.internal_ipv6_range
+  auto_create_subnetworks                   = var.auto_create_subnetworks
+  routing_mode                              = var.routing_mode
+  mtu                                       = var.mtu
+  delete_default_routes_on_create           = var.delete_default_routes_on_create
+  enable_ula_internal_ipv6                  = var.enable_ula_internal_ipv6
+  internal_ipv6_range                       = var.internal_ipv6_range
+  network_firewall_policy_enforcement_order = var.network_firewall_policy_enforcement_order
 
   depends_on = [var.module_depends_on]
 }
diff --git a/test/unit-complete/_generated_google.tf b/test/unit-complete/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.25, <6"
+      version = ">= 5, <6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.25, <6"
+      version = ">= 5, <6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
@@ -1,13 +1,14 @@
 module "test" {
   source = "../.."
 
-  project                         = local.project_id
-  name                            = "vpc-unit-complete"
-  description                     = "This is a unit test"
-  routing_mode                    = "GLOBAL"
-  delete_default_routes_on_create = true
-  auto_create_subnetworks         = true
-  mtu                             = 1500
-  enable_ula_internal_ipv6        = true
-  internal_ipv6_range             = "fd20:fff:ffff:ffff:ffff:ffff:ffff:ffff"
+  project                                   = local.project_id
+  name                                      = "vpc-unit-complete"
+  description                               = "This is a unit test"
+  routing_mode                              = "GLOBAL"
+  delete_default_routes_on_create           = true
+  auto_create_subnetworks                   = true
+  mtu                                       = 1500
+  enable_ula_internal_ipv6                  = true
+  internal_ipv6_range                       = "fd20:fff:ffff:ffff:ffff:ffff:ffff:ffff"
+  network_firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL"
 }
diff --git a/test/unit-disabled/_generated_google.tf b/test/unit-disabled/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.25, <6"
+      version = ">= 5, <6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.25, <6"
+      version = ">= 5, <6"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/test/unit-minimal/_generated_google.tf b/test/unit-minimal/_generated_google.tf
@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "4.25"
+      version = "5"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = "4.25"
+      version = "5"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/variables.tf b/variables.tf
@@ -54,6 +54,12 @@ variable "auto_create_subnetworks" {
   default     = false
 }
 
+variable "network_firewall_policy_enforcement_order" {
+  description = "(Optional) Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL."
+  type        = string
+  default     = null
+}
+
 variable "mtu" {
   description = "(Optional) Maximum Transmission Unit in bytes. The minimum value for this field is 1460 and the maximum value is 1500 bytes. Default is '1460'."
   type        = string

diff --git a/versions.tf b/versions.tf
@@ -5,7 +5,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.25, <6"
+      version = ">= 5, <6"
     }
   }
 }
diff --git a/versions.tm.hcl b/versions.tm.hcl
@@ -2,7 +2,7 @@ globals {
   minimum_terraform_version   = "1.0"
 
   provider                    = "google"
-  minimum_provider_version    = "4.25"
+  minimum_provider_version    = "5"
 
   provider_version_constraint  = ">= ${global.minimum_provider_version}, <6"
   terraform_version_constraint = "~> ${global.minimum_terraform_version}, != 1.1.0, != 1.1.1"