fix: update count variable and fix description for ingress rule

terraform-do-modules · Jun 20, 2023 · e86f494 · e86f494
1 parent 42a4f97
commit e86f494
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 20 deletions.
diff --git a/README.yaml b/README.yaml
@@ -52,11 +52,12 @@ usage : |-
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
        module "firewall" {
-       source             = "terraform-do-modules/firewall/digitalocean"
-       version            = "0.15.0"
-       name                = local.name
-       environment         = local.environment
-       database_cluster_id = ""
+       source                     = "terraform-do-modules/firewall/digitalocean"
+       version                    = "0.15.0"
+       name                       = local.name
+       environment                = local.environment
+       database_firewall_enabled  = true
+       database_cluster_id        = ""
        rules = [
           {
             type  = "ip_addr"

diff --git a/_examples/basic/example.tf b/_examples/basic/example.tf
@@ -9,12 +9,13 @@ locals {
 ## Firewall module call
 ##------------------------------------------------
 module "firewall" {
-  source             = "./../../"
-  name               = local.name
-  environment        = local.environment
-  allowed_ip         = ["0.0.0.0/0"]
-  allowed_ports      = [22, 80]
-  droplet_ids        = [] #### Add droplet ids
-  kubernetes_ids     = [] #### Add kubernetes ids
-  load_balancer_uids = [] #### Add load balancer uids
+  source        = "./../../"
+  name          = local.name
+  environment   = local.environment
+  allowed_ip    = ["0.0.0.0/0"]
+  allowed_ports = [22, 80]
+  ##  we can use all them need to pass value accordingly for droplet , kubernetes and load balancer.
+  //  droplet_ids        = []
+  //  kubernetes_ids     = []
+  //  load_balancer_uids = []
 }
diff --git a/_examples/database_firewall/example.tf b/_examples/database_firewall/example.tf
@@ -9,10 +9,11 @@ locals {
 ## database Firewall module call
 ##------------------------------------------------
 module "firewall" {
-  source              = "./../../"
-  name                = local.name
-  environment         = local.environment
-  database_cluster_id = "" ## add database cluster id
+  source                    = "./../../"
+  name                      = local.name
+  environment               = local.environment
+  database_firewall_enabled = true
+  database_cluster_id       = "" ## add database cluster id
   rules = [
     {
       type  = "ip_addr"

diff --git a/main.tf b/main.tf
@@ -13,10 +13,10 @@ module "labels" {
 #Description :  Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.
 ##-------------------------------------------------------------------------------------------------------------------------
 
-#tfsec:ignore:digitalocean-compute-no-public-ingress   ## because by default we use ["0.0.0.0/0"], do not use on prod env.
-#tfsec:ignore:digitalocean-compute-no-public-egress    ## The port is exposed for ingress from the internet, by default we use  ["0.0.0.0/0", "::/0"].
+#tfsec:ignore:digitalocean-compute-no-public-ingress   ## The port is exposed for ingress from the internet, by default  ["0.0.0.0/0", "::/0"] we use for http and https.
+#tfsec:ignore:digitalocean-compute-no-public-egress    ## because by default we use ["0.0.0.0/0"], do not use on prod env.
 resource "digitalocean_firewall" "default" {
-  count       = var.enabled == true ? 1 : 0
+  count       = var.enabled == true && var.database_cluster_id == null ? 1 : 0
   name        = format("%s-firewall", module.labels.id)
   droplet_ids = var.droplet_ids
   dynamic "inbound_rule" {

diff --git a/variables.tf b/variables.tf
@@ -31,6 +31,12 @@ variable "enabled" {
   description = "Flag to control the firewall creation."
 }
 
+variable "database_firewall_enabled" {
+  type        = bool
+  default     = false
+  description = "Flag to control the firewall creation."
+}
+
 variable "allowed_ip" {
   type        = list(any)
   default     = []