Add support to add rules to a google_compute_security_policy #5622
Comments
Hey @maguro, just to check - you can already add rules to security policies in the security policy resource itself, so this specific FR is to have a separate resource just for the rule, correct? Can you expand a bit on your proposed use case?
You may be speaking of features of which I am unaware. I'll flesh out my idea here, in this thread. Once it gels, after community input, I'll update the description above.

Let's say we work for a huge corporation, MegaCorp. There are a number of companies under its umbrella, each with their own IT team. For our various internal websites, we'd like to set up security policies where each IT team contributes the CIDR ranges to be whitelisted for the internal websites.

The Terraform mechanics are as follows. Each company is allocated a small range of priorities, say 10, to prevent collisions of rules via priority. So, each company's IT team creates a Terraform module that can be referenced, passing in the security policy to which they add their rules. Each internal website can choose which company it wishes to provide access to by referencing that company's rules module. The rules module becomes the sole source of authority, with respect to Terraform, of that company's valid CIDR ranges.
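One way the per-company rules module described in the comment above could look, as an added example that is not from the thread or the provider's documentation. It assumes the standalone `google_compute_security_policy_rule` resource named in this issue; the module path, variable names and sample values are hypothetical.

```hcl
# Hypothetical module: modules/acme-armor-rules/main.tf
variable "security_policy" {
  type        = string
  description = "Name of the google_compute_security_policy that receives the rules"
}
variable "priority_base" {
  type        = number
  description = "First priority of the block allocated to this company"
}
variable "priority_slots" {
  type        = number
  default     = 10 # size of the block; 10 is the figure used in the comment
}
variable "cidrs" {
  type        = list(string)
  description = "CIDR ranges this company's IT team vouches for"
  validation {
    # Module policy (an assumption): require CIDR notation so typos fail at plan time
    condition     = alltrue([for c in var.cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in cidrs must be a valid IPv4 or IPv6 CIDR range."
  }
}
locals {
  # Cloud Armor accepts at most 10 source ranges per SRC_IPS_V1 rule,
  # so the list is split into one rule per chunk of 10.
  chunks = chunklist(sort(distinct(var.cidrs)), 10)
}
resource "google_compute_security_policy_rule" "allow" {
  count           = length(local.chunks)
  security_policy = var.security_policy
  priority        = var.priority_base + count.index
  action          = "allow"
  description     = "company ranges ${count.index + 1}/${length(local.chunks)}"
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = local.chunks[count.index]
    }
  }
  lifecycle {
    # Refuse to spill into a neighbouring company's priority block
    precondition {
      condition     = length(local.chunks) <= var.priority_slots
      error_message = "CIDR list needs more rules than the allocated priority block holds."
    }
  }
}
```

A website's configuration would call the module with its own policy name and the company's allocated base, for example `priority_base = 1000` (constructed value), and keep the policy's default rule set to deny so that only contributed ranges are admitted.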
I think this will solve the issue of all rules getting recreated while adding/editing one rule in a security policy.
Signed-off-by: Modular Magician <magic-modules@google.com>
Hi all, anything I can help out with to get this issue implemented? Regional policy rules already exist from this PR #15319 so having similar functionality would make sense.
Hello everyone!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Description
It would be nice if it were possible to add rules to google_compute_security_policy. This would mimic
This would allow aggregation of reusable sets of rules, security groups, into various Terraform modules.
New or Affected Resource(s)
- google_compute_security_policy - add a data source for rules to reference
- google_compute_security_policy_rule
Potential Terraform Configuration
b/299683660