Change in firewall rule handling so that only one service account (for source / target) is permitted. (#1462)
This commit is contained in:
parent
73fe8bcec8
commit
95e84aed83
@ -155,6 +155,7 @@ func resourceComputeFirewall() *schema.Resource {
|
|||||||
Optional: true,
|
Optional: true,
|
||||||
Elem: &schema.Schema{Type: schema.TypeString},
|
Elem: &schema.Schema{Type: schema.TypeString},
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
|
MaxItems: 1,
|
||||||
ConflictsWith: []string{"source_tags", "target_tags"},
|
ConflictsWith: []string{"source_tags", "target_tags"},
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -163,6 +164,7 @@ func resourceComputeFirewall() *schema.Resource {
|
|||||||
Optional: true,
|
Optional: true,
|
||||||
Elem: &schema.Schema{Type: schema.TypeString},
|
Elem: &schema.Schema{Type: schema.TypeString},
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
|
MaxItems: 1,
|
||||||
ConflictsWith: []string{"source_tags", "target_tags"},
|
ConflictsWith: []string{"source_tags", "target_tags"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
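Review bot: The `MaxItems: 1,` added to the source_service_accounts schema (and the identical line in the target_service_accounts hunk below) encodes an external restriction without saying so, so a later reader cannot tell whether the limit is a provider design choice or something the API rejects; a one-line comment on each would prevent it being "relaxed" by mistake, e.g. `// Firewall rules accept at most one service account per direction (#1462).` Since this is a plan-time constraint, configurations that previously listed several accounts will now fail validation rather than at apply time, which the commit message could mention. The enclosing resourceComputeFirewall function starts and ends outside these hunks, so the field's Type and Description lines are not visible here.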
@ -74,7 +74,8 @@ The following arguments are supported:
|
|||||||
firewall applies to. Can't be used for `INGRESS`.
|
firewall applies to. Can't be used for `INGRESS`.
|
||||||
|
|
||||||
* `source_service_accounts` - (Optional) A list of service accounts such that
|
* `source_service_accounts` - (Optional) A list of service accounts such that
|
||||||
the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts
|
the firewall will apply only to traffic originating from an instance with a service account in this list. Note that as of May 2018,
|
||||||
|
this list can contain only one item, due to a change in the way that these firewall rules are handled. Source service accounts
|
||||||
cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not
|
cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not
|
||||||
an IP address. `source_ranges` can be set at the same time as `source_service_accounts`. If both are set, the firewall will apply to
|
an IP address. `source_ranges` can be set at the same time as `source_service_accounts`. If both are set, the firewall will apply to
|
||||||
traffic that has source IP address within `source_ranges` OR the source IP belongs to an instance with service account listed in
|
traffic that has source IP address within `source_ranges` OR the source IP belongs to an instance with service account listed in
|
||||||
@ -84,7 +85,8 @@ The following arguments are supported:
|
|||||||
* `target_service_accounts` - (Optional) A list of service accounts indicating
|
* `target_service_accounts` - (Optional) A list of service accounts indicating
|
||||||
sets of instances located in the network that may make network connections as specified in `allow`. `target_service_accounts` cannot
|
sets of instances located in the network that may make network connections as specified in `allow`. `target_service_accounts` cannot
|
||||||
be used at the same time as `source_tags` or `target_tags`. If neither `target_service_accounts` nor `target_tags` are specified, the
|
be used at the same time as `source_tags` or `target_tags`. If neither `target_service_accounts` nor `target_tags` are specified, the
|
||||||
firewall rule applies to all instances on the specified network.
|
firewall rule applies to all instances on the specified network. Note that as of May 2018, this list can contain only one item, due
|
||||||
|
to a change in the way that these firewall rules are handled.
|
||||||
|
|
||||||
The `allow` block supports:
|
The `allow` block supports:
|
||||||
|
|
||||||
|