Firewall rule fails open if no sources specified
DeanBrunt opened this issue · 3 comments
DeanBrunt commented
The firewall for this module fails open (to range 0.0.0.0/0) if no sources are specified.
This is concerning as it leaves unaware users of this module one step away from opening their load balancer to traffic from anywhere, possibly without realising.
morgante commented
We should add a check that that some source type is required.
DeanBrunt commented
This looks to be represented upstream as well: hashicorp/terraform-provider-google#6789
devodev commented
I got stung by this today :(
Still relevant in latest version