Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

google_compute_firewall doesn't support priority #342

Closed
kornface13 opened this issue Aug 18, 2017 · 1 comment · Fixed by #345
Closed

google_compute_firewall doesn't support priority #342

kornface13 opened this issue Aug 18, 2017 · 1 comment · Fixed by #345

Comments

@kornface13
Copy link

kornface13 commented Aug 18, 2017

Terraform Version

terraform -v
Terraform v0.10.2

Affected Resource(s)

Please list the resources as a list, for example:
google_compute_firewall

In GCE you can put priority on firewall rules so that you can do something like:

  • block tcp:22 to 10.128.0.0/16 priority 5000
  • allow tcp:22 ONLY to 10.128.0.5/32 priority 100

This would allow tcp22 to 10.128.0.5 but block tcp:22 to the rest of the subnet. We heavily utilize rules in this fashion and need to be able to input priority into terraform configs. Its not currently documented as being supported at all. Hopefully this is an easy fix.

Here is the gcloud command that would use priority:

gcloud beta compute --project=blah firewall-rules create block --direction=EGRESS --priority=5000 --network=default --deny=all --destination-ranges=10.128.0.0/16

And the REST call:

POST https://www.googleapis.com/compute/v1/projects/blah/global/firewalls
{
"name": "block",
"selfLink": "projects/blah/global/firewalls/block",
"network": "projects/blah/global/networks/default",
"direction": "EGRESS",
"priority": 5000,
"denied": [
{
"IPProtocol": "all"
}
],
"destinationRanges": [
"10.128.0.0/16"
]
}

@selmanj selmanj self-assigned this Aug 18, 2017
luis-silva pushed a commit to luis-silva/terraform-provider-google that referenced this issue May 21, 2019
@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
@ghost ghost unassigned selmanj Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants