only allow,deny can be specified
krishna-deriv opened this issue · 2 comments
krishna-deriv commented
TL;DR
When referencing the module https://github.com/terraform-google-modules/terraform-google-network/blob/master/modules/firewall-rules/main.tf, I get an error saying that only an allow or a deny block can be used.
Expected behavior
terraform apply
Plan: 4 to add, 0 to change, 0 to destroy
Observed behavior
Got the error below:
```
Error: ExactlyOne
│
│   with module.vpc-network.google_compute_firewall.rules["firewall-rules"],
│   on ..\modules\firewall_rules.tf line 32, in resource "google_compute_firewall" "rules":
│   32: resource "google_compute_firewall" "rules" {
│
│ "deny": only one of `allow,deny` can be specified, but `allow,deny` were specified.
```
Terraform Configuration
```hcl
resource "google_compute_firewall" "rules" {
  for_each                = { for r in var.rules : r.name => r }
  name                    = each.value.name
  description             = each.value.description
  direction               = each.value.direction
  network                 = var.network_name
  project                 = var.project_id
  source_ranges           = each.value.direction == "INGRESS" ? each.value.ranges : null
  destination_ranges      = each.value.direction == "EGRESS" ? each.value.ranges : null
  source_tags             = each.value.source_tags
  source_service_accounts = each.value.source_service_accounts
  target_tags             = each.value.target_tags
  target_service_accounts = each.value.target_service_accounts
  priority                = each.value.priority

  dynamic "log_config" {
    for_each = lookup(each.value, "log_config") == null ? [] : [each.value.log_config]
    content {
      metadata = log_config.value.metadata
    }
  }

  dynamic "allow" {
    for_each = lookup(each.value, "allow", [])
    content {
      protocol = allow.value.protocol
      ports    = lookup(allow.value, "ports", null)
    }
  }

  dynamic "deny" {
    for_each = lookup(each.value, "deny", [])
    content {
      protocol = deny.value.protocol
      ports    = lookup(deny.value, "ports", null)
    }
  }
}
```
### Terraform Version
```sh
Terraform v1.0.9
```
Additional information
No response
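A guard for the condition named in the error above, as an added example (not code from the module or from anyone in this thread): a variable validation that fails at plan time for any rule whose `allow` and `deny` lists are both populated or both empty, before the provider's `ExactlyOne` check is reached. The variable name `rules` follows the resource above; the trimmed object type and the sample values are assumptions.

```hcl
# Added example. The object type is trimmed to the attributes the check
# needs (assumption); a real rules variable carries more attributes.
variable "rules" {
  type = list(object({
    name  = string
    allow = list(object({ protocol = string, ports = list(string) }))
    deny  = list(object({ protocol = string, ports = list(string) }))
  }))

  validation {
    # True only when exactly one of the two lists is non-empty.
    # try() maps a null list to a count of 0 instead of failing on length(null).
    condition = alltrue([
      for r in var.rules :
      (try(length(r.allow), 0) > 0) != (try(length(r.deny), 0) > 0)
    ])
    error_message = "Each firewall rule must set exactly one of allow or deny; leave the other as an empty list."
  }
}

# Constructed sample input that the validation rejects (both lists populated):
#
#   rules = [{
#     name  = "web"
#     allow = [{ protocol = "tcp", ports = ["443"] }]
#     deny  = [{ protocol = "tcp", ports = ["22"] }]
#   }]
#
# Constructed sample input that passes (one action per rule):
#
#   rules = [
#     { name = "web-allow-https", allow = [{ protocol = "tcp", ports = ["443"] }], deny = [] },
#     { name = "web-deny-ssh",    allow = [], deny = [{ protocol = "tcp", ports = ["22"] }] },
#   ]
```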
morgante commented
Please share your module configuration (ie. how you're calling the module).
github-actions commented
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days