terraform-google-modules/terraform-google-lb-internal

Firewall rule fails open if no sources specified

DeanBrunt opened this issue · 3 comments

The firewall for this module fails open (to range 0.0.0.0/0) if no sources are specified.

This is concerning as it leaves unaware users of this module one step away from opening their load balancer to traffic from anywhere, possibly without realising.

We should add a check that some source type is required.

This looks to be represented upstream as well: hashicorp/terraform-provider-google#6789
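A plan-time check for the fail-open condition described in this issue, as an added example (not part of the original issue or the module's code): it scans `terraform show -json` output for ingress `google_compute_firewall` rules that set none of `source_ranges`, `source_tags` or `source_service_accounts`. The resource addresses and the sample plan are constructed for illustration.

```python
import json
import sys

SOURCE_ATTRS = ("source_ranges", "source_tags", "source_service_accounts")

# Constructed sample in the shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_compute_firewall.ilb_no_sources",   # hypothetical name
     "type": "google_compute_firewall",
     "change": {"after": {"direction": "INGRESS", "source_ranges": None,
                          "source_tags": None, "source_service_accounts": None},
                "after_unknown": {}}},
    {"address": "google_compute_firewall.ilb_tagged",
     "type": "google_compute_firewall",
     "change": {"after": {"direction": "INGRESS", "source_tags": ["frontend"]},
                "after_unknown": {}}},
    {"address": "google_compute_firewall.ilb_computed",
     "type": "google_compute_firewall",
     "change": {"after": {"direction": "INGRESS"},
                "after_unknown": {"source_ranges": True}}},
    {"address": "google_compute_firewall.ilb_destroyed",
     "type": "google_compute_firewall",
     "change": {"after": None, "after_unknown": {}}},
]}


def rules_without_sources(plan):
    """Return addresses of planned ingress firewall rules that set no source at all."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_compute_firewall":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:                      # rule is being destroyed
            continue
        unknown = change.get("after_unknown") or {}
        if (after.get("direction") or "INGRESS") != "INGRESS":
            continue                           # only ingress rules use source filters
        # A source counts as set if it has a value now or is computed at apply time.
        if not any(after.get(a) or unknown.get(a) for a in SOURCE_ATTRS):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    open_rules = rules_without_sources(plan)
    for address in open_rules:
        print(f"FAIL-OPEN: {address} sets no source; per the issue this means 0.0.0.0/0")
    sys.exit(1 if open_rules else 0)
```

Run it in CI against the JSON form of a saved plan; a non-zero exit blocks the apply until a source is set.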

I got stung by this today :(
Still relevant in latest version