feat(bastion-group): add variable for additional_ports (#215)
Signed-off-by: Michael Malet <michael@rubypx.com>
Co-authored-by: Andrew Peabody <andrewpeabody@google.com>
Malet and apeabody authored Oct 29, 2024
1 parent 4c84d22 commit 4bbafb0
Showing 4 changed files with 8 additions and 0 deletions.
Empty file added .terraform.lock
Empty file.
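
Review bot: The empty `.terraform.lock` added at the repository root looks like an accidental inclusion. None of the other three changed files refers to it, and Terraform's dependency lock file is named `.terraform.lock.hcl`, so Terraform does not treat this file as a lock file. Drop it from the commit so the change contains only the new variable.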
1 change: 1 addition & 0 deletions modules/bastion-group/README.md
Expand Up @@ -74,6 +74,7 @@ provision a project with the necessary APIs enabled.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional\_networks | Additional network interface details for the instance template, if any. | <pre>list(object({<br> network = string<br> subnetwork = string<br> subnetwork_project = string<br> network_ip = string<br> nic_type = string<br> stack_type = string<br> queue_count = number<br> access_config = list(object({<br> nat_ip = string<br> network_tier = string<br> }))<br> ipv6_access_config = list(object({<br> network_tier = string<br> }))<br> alias_ip_range = list(object({<br> ip_cidr_range = string<br> subnetwork_range_name = string<br> }))<br> }))</pre> | `[]` | no |
| additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
| fw\_name\_allow\_ssh\_from\_health\_check\_cidrs | Firewall rule name for allowing Health Checks | `string` | `"allow-ssh-from-health-check-cidrs"` | no |
| fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP | `string` | `"allow-ssh-from-iap-to-bastion-group"` | no |
| health\_check | Health check config for the mig. | <pre>object({<br> type = string<br> initial_delay_sec = number<br> check_interval_sec = number<br> healthy_threshold = number<br> timeout_sec = number<br> unhealthy_threshold = number<br> response = string<br> proxy_header = string<br> port = number<br> request = string<br> enable_logging = bool<br><br> # Unused fields.<br> request_path = string<br> host = string<br> })</pre> | <pre>{<br> "check_interval_sec": 30,<br> "enable_logging": false,<br> "healthy_threshold": 1,<br> "host": "",<br> "initial_delay_sec": 30,<br> "port": 22,<br> "proxy_header": "NONE",<br> "request": "",<br> "request_path": "",<br> "response": "",<br> "timeout_sec": 10,<br> "type": "tcp",<br> "unhealthy_threshold": 5<br>}</pre> | no |
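
Review bot: The `additional_ports` row does not say what form an entry takes, nor that these ports are opened in addition to the SSH rule named by `fw_name_allow_ssh_from_iap`. Each entry widens what IAP can reach on the bastion instances, so the description should state the accepted syntax for a single port and for a range and give one example value. Keep the wording identical to the `description` in `variables.tf` so the two do not drift.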
1 change: 1 addition & 0 deletions modules/bastion-group/main.tf
Expand Up @@ -35,6 +35,7 @@ module "iap_bastion" {
startup_script = var.startup_script
subnet = var.subnet
additional_networks = var.additional_networks
additional_ports = var.additional_ports
zone = var.zone
random_role_id = var.random_role_id
fw_name_allow_ssh_from_iap = var.fw_name_allow_ssh_from_iap
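
Review bot: The new `additional_ports = var.additional_ports` argument is passed to `iap_bastion` without any example or test change among the four files in this commit, so a non-empty list is never exercised. Add an example or test fixture that sets at least one port and one range and checks the resulting firewall rule, so a break in the pass-through is caught before release.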
6 changes: 6 additions & 0 deletions modules/bastion-group/variables.tf
Expand Up @@ -197,6 +197,12 @@ variable "fw_name_allow_ssh_from_iap" {
default = "allow-ssh-from-iap-to-bastion-group"
}

variable "additional_ports" {
description = "A list of additional ports/ranges to open access to on the instances from IAP."
type = list(string)
default = []
}

variable "additional_networks" {
description = "Additional network interface details for the instance template, if any."
default = []
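
Review bot: `variable "additional_ports"` has no `validation` block, so `type = list(string)` accepts any string and a typo only surfaces when the firewall rule is applied. Because every entry opens the bastion instances to more traffic from IAP, reject malformed values at plan time. If the intended forms are a single port and a `low-high` range, a condition such as `alltrue([for p in var.additional_ports : can(regex("^[0-9]+(-[0-9]+)?$", p))])` with a clear `error_message` would do it.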