Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages #2801

Merged
merged 13 commits into from
Jan 9, 2025


ludoo
Collaborator

@ludoo ludoo commented Jan 7, 2025

This PR adds support for firewall policies to the a networking stage (the other stages will also be updated if the approach is agreed upon), via a vpc_configs variable.

The variable is also used to concentrate some existing functionality which was previously scattered among other variables, and allow flipping cloudnat, DNS, and firewall bits for individual VPCs where the same configuration was previously applied to all VPCs unconditionally.

From the point of view of resources this does not change anything, but it allows leveraging firewall policies especially in connection with NGFW, controlling the firewall precedence between classic and policies, and turning off classic firewalls entirely if needed. I actually need this for a project I'm working on, and I think it's high time we started supporting firewall policies.

@ludoo ludoo requested a review from juliocc January 7, 2025 15:58
@juliocc juliocc changed the base branch from master to fast-dev January 8, 2025 09:38
@ludoo ludoo marked this pull request as ready for review January 9, 2025 15:33
@ludoo ludoo enabled auto-merge (squash) January 9, 2025 15:38
@ludoo ludoo changed the title Add optional support for firewall policies to net stages Add optional support for fw policies, refactor factories variable in net stages Jan 9, 2025
@ludoo ludoo changed the title Add optional support for fw policies, refactor factories variable in net stages Add optional support for fw policies via new vpc_configs variable, refactor factories variable in net stages Jan 9, 2025
@ludoo ludoo disabled auto-merge January 9, 2025 16:14
@ludoo ludoo merged commit d6d582e into fast-dev Jan 9, 2025
18 checks passed
@ludoo ludoo deleted the ludo/net-vpc-fw-order branch January 9, 2025 16:14
karpok78 pushed a commit to karpok78/cloud-foundation-fabric that referenced this pull request Jan 19, 2025
…factor factories variable in net stages (GoogleCloudPlatform#2801)

* net a

* extend change to other networking stages

* refactor factories config variable in net a

* net b and c

* complete net b

* fix errors, add mtu

* fix

* fix

* fix errors