feat: Add nullable = false to variables with defaults in submodules #6

Closed
wants to merge 3 commits into from
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -137,8 +137,8 @@ No resources.
| <a name="input_policy_stateful_engine_options"></a> [policy\_stateful\_engine\_options](#input\_policy\_stateful\_engine\_options) | A configuration block that defines options on how the policy handles stateful rules. See [Stateful Engine Options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-engine-options) for details | `any` | `{}` | no |
| <a name="input_policy_stateful_rule_group_reference"></a> [policy\_stateful\_rule\_group\_reference](#input\_policy\_stateful\_rule\_group\_reference) | Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See [Stateful Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-rule-group-reference) for details | `any` | `{}` | no |
| <a name="input_policy_stateless_custom_action"></a> [policy\_stateless\_custom\_action](#input\_policy\_stateless\_custom\_action) | Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions` | `any` | `{}` | no |
| <a name="input_policy_stateless_default_actions"></a> [policy\_stateless\_default\_actions](#input\_policy\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br/> "aws:pass"<br/>]</pre> | no |
| <a name="input_policy_stateless_fragment_default_actions"></a> [policy\_stateless\_fragment\_default\_actions](#input\_policy\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br/> "aws:pass"<br/>]</pre> | no |
| <a name="input_policy_stateless_default_actions"></a> [policy\_stateless\_default\_actions](#input\_policy\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br> "aws:pass"<br>]</pre> | no |
| <a name="input_policy_stateless_fragment_default_actions"></a> [policy\_stateless\_fragment\_default\_actions](#input\_policy\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br> "aws:pass"<br>]</pre> | no |
| <a name="input_policy_stateless_rule_group_reference"></a> [policy\_stateless\_rule\_group\_reference](#input\_policy\_stateless\_rule\_group\_reference) | Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See [Stateless Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateless-rule-group-reference) for details | `any` | `{}` | no |
| <a name="input_policy_tags"></a> [policy\_tags](#input\_policy\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
| <a name="input_subnet_change_protection"></a> [subnet\_change\_protection](#input\_subnet\_change\_protection) | A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to `true` | `bool` | `true` | no |
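Review bot: The two changed rows for `policy_stateless_default_actions` and `policy_stateless_fragment_default_actions` differ only in `<br/>` becoming `<br>` inside the `<pre>` default, which has nothing to do with `nullable`. This looks like generated-docs formatting drift. Either regenerate the README with the docs tool version the repository normally uses so these rows stay untouched, or call the formatting change out separately so it does not ride along unnoticed in a feature PR.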
Expand Down
2 changes: 1 addition & 1 deletion modules/firewall/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ module "network_firewall" {

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.2 |

## Providers
Expand Down
2 changes: 1 addition & 1 deletion modules/firewall/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.1.0"

required_providers {
aws = {
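Review bot: `required_version = ">= 1.1.0"` is raised for modules/firewall, but this diff contains no modules/firewall/variables.tf change, so nothing shown for this module uses `nullable`. The `nullable` argument needs Terraform 1.1, which justifies the bump in modules/policy and modules/rule-group; here it only drops 1.0.x callers. Either add `nullable = false` to the firewall variables that have defaults in the same PR, or leave this constraint at `>= 1.0`. A higher minimum Terraform version is a breaking change for consumers, so the `feat:` title should flag it as well.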
Expand Down
6 changes: 3 additions & 3 deletions modules/policy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ module "network_firewall_policy" {

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.2 |

## Providers
Expand Down Expand Up @@ -81,8 +81,8 @@ No modules.
| <a name="input_stateful_engine_options"></a> [stateful\_engine\_options](#input\_stateful\_engine\_options) | A configuration block that defines options on how the policy handles stateful rules. See [Stateful Engine Options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-engine-options) for details | `any` | `{}` | no |
| <a name="input_stateful_rule_group_reference"></a> [stateful\_rule\_group\_reference](#input\_stateful\_rule\_group\_reference) | Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See [Stateful Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-rule-group-reference) for details | `any` | `{}` | no |
| <a name="input_stateless_custom_action"></a> [stateless\_custom\_action](#input\_stateless\_custom\_action) | Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions` | `any` | `{}` | no |
| <a name="input_stateless_default_actions"></a> [stateless\_default\_actions](#input\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br/> "aws:pass"<br/>]</pre> | no |
| <a name="input_stateless_fragment_default_actions"></a> [stateless\_fragment\_default\_actions](#input\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br/> "aws:pass"<br/>]</pre> | no |
| <a name="input_stateless_default_actions"></a> [stateless\_default\_actions](#input\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br> "aws:pass"<br>]</pre> | no |
| <a name="input_stateless_fragment_default_actions"></a> [stateless\_fragment\_default\_actions](#input\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` | <pre>[<br> "aws:pass"<br>]</pre> | no |
| <a name="input_stateless_rule_group_reference"></a> [stateless\_rule\_group\_reference](#input\_stateless\_rule\_group\_reference) | Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See [Stateless Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateless-rule-group-reference) for details | `any` | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |

Expand Down
16 changes: 16 additions & 0 deletions modules/policy/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ variable "create" {
description = "Controls if resources should be created"
type = bool
default = true
nullable = false
}

variable "tags" {
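Review bot: `variable "tags"` at the end of this hunk is left without `nullable = false`, although modules/policy/README.md lists `tags` with a default of `{}` and the same variable in modules/rule-group/variables.tf does get the line in this PR. An explicit `tags = null` from a caller therefore still reaches the policy module as null while the rule-group module receives `{}`. Add `nullable = false` to `tags` here so the two submodules behave the same.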
Expand All @@ -24,54 +25,63 @@ variable "encryption_configuration" {
description = "KMS encryption configuration settings"
type = any
default = {}
nullable = false
}

variable "stateful_default_actions" {
description = "Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a `stateful_engine_options` block with a rule_order value of `STRICT_ORDER`. You can specify one of either or neither values of `aws:drop_strict` or `aws:drop_established`, as well as any combination of `aws:alert_strict` and `aws:alert_established`"
type = list(string)
default = []
nullable = false
}

variable "stateful_engine_options" {
description = "A configuration block that defines options on how the policy handles stateful rules. See [Stateful Engine Options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-engine-options) for details"
type = any
default = {}
nullable = false
}

variable "stateful_rule_group_reference" {
description = "Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See [Stateful Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-rule-group-reference) for details"
type = any
default = {}
nullable = false
}

variable "stateless_custom_action" {
description = "Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions`"
type = any
default = {}
nullable = false
}

variable "stateless_default_actions" {
description = "Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`"
type = list(string)
default = ["aws:pass"]
nullable = false
}

variable "stateless_fragment_default_actions" {
description = "Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`"
type = list(string)
default = ["aws:pass"]
nullable = false
}

variable "stateless_rule_group_reference" {
description = "Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See [Stateless Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateless-rule-group-reference) for details"
type = any
default = {}
nullable = false
}

variable "name" {
description = "A friendly name of the firewall policy"
type = string
default = ""
nullable = false
}

################################################################################
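Review bot: On `stateless_default_actions` and `stateless_fragment_default_actions`, `nullable = false` combined with `default = ["aws:pass"]` means a caller that passes `null` now silently gets `aws:pass` for every packet that matches no stateless rule. For a firewall policy that is a fail-open fallback, so it should be a visible decision: state the null-falls-back-to-`aws:pass` behaviour in both descriptions, and consider a `validation` block that requires one of the standard actions the description already lists (`aws:drop`, `aws:pass`, `aws:forward_to_sfe`). The same hunk sets `nullable = false` on `name` with `default = ""`, so a null name also becomes an empty string instead of being rejected at the variable boundary.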
Expand All @@ -82,30 +92,35 @@ variable "create_resource_policy" {
description = "Controls if a resource policy should be created"
type = bool
default = false
nullable = false
}

variable "resource_policy_actions" {
description = "A list of IAM actions allowed in the resource policy"
type = list(string)
default = []
nullable = false
}

variable "resource_policy_principals" {
description = "A list of IAM principals allowed in the resource policy"
type = list(string)
default = []
nullable = false
}

variable "attach_resource_policy" {
description = "Controls if a resource policy should be attached to the firewall policy"
type = bool
default = false
nullable = false
}

variable "resource_policy" {
description = "The policy JSON to use for the resource policy; required when `create_resource_policy` is `false`"
type = string
default = ""
nullable = false
}

################################################################################
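Review bot: `resource_policy` now has `default = ""` with `nullable = false`, while its description says the value is required when `create_resource_policy` is `false`. After this change `resource_policy = null` arrives in the module as `""`, so any expression that tells a supplied policy apart from null will no longer see null. Check every place that reads `var.resource_policy` together with `attach_resource_policy`, and extend the description to say what an empty string means.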
Expand All @@ -116,4 +131,5 @@ variable "ram_resource_associations" {
description = "A map of RAM resource associations for the created firewall policy"
type = map(string)
default = {}
nullable = false
}
2 changes: 1 addition & 1 deletion modules/policy/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.1.0"

required_providers {
aws = {
Expand Down
2 changes: 1 addition & 1 deletion modules/rule-group/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ module "network_firewall_rule_group_stateless" {

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.2 |

## Providers
Expand Down
13 changes: 13 additions & 0 deletions modules/rule-group/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,14 @@ variable "create" {
description = "Controls if Network Firewall resources should be created"
type = bool
default = true
nullable = false
}

variable "tags" {
description = "A map of tags to add to all resources"
type = map(string)
default = {}
nullable = false
}

################################################################################
Expand All @@ -18,6 +20,7 @@ variable "capacity" {
description = "The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules"
type = number
default = 100
nullable = false
}

variable "description" {
Expand All @@ -30,18 +33,21 @@ variable "encryption_configuration" {
description = "KMS encryption configuration settings"
type = any
default = {}
nullable = false
}

variable "name" {
description = "A friendly name of the rule group"
type = string
default = ""
nullable = false
}

variable "rule_group" {
description = "A configuration block that defines the rule group rules. Required unless `rules` is specified"
type = any
default = {}
nullable = false
}

variable "rules" {
Expand All @@ -54,6 +60,7 @@ variable "type" {
description = "Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`"
type = string
default = "STATELESS"
nullable = false
}

################################################################################
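Review bot: `type` names its valid values (`STATEFUL` or `STATELESS`) only in the description, and with `nullable = false` a null input now resolves to `"STATELESS"` without any signal. Add a `validation` block using `contains(["STATEFUL", "STATELESS"], var.type)` so a typo is rejected at plan time instead of by the provider, and mention the null fallback to `STATELESS` in the description.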
Expand All @@ -64,30 +71,35 @@ variable "create_resource_policy" {
description = "Controls if a resource policy should be created"
type = bool
default = false
nullable = false
}

variable "resource_policy_actions" {
description = "A list of IAM actions allowed in the resource policy"
type = list(string)
default = []
nullable = false
}

variable "resource_policy_principals" {
description = "A list of IAM principals allowed in the resource policy"
type = list(string)
default = []
nullable = false
}

variable "attach_resource_policy" {
description = "Controls if a resource policy should be attached to the rule group"
type = bool
default = false
nullable = false
}

variable "resource_policy" {
description = "The policy JSON to use for the resource policy; required when `create_resource_policy` is `false`"
type = string
default = ""
nullable = false
}

################################################################################
Expand All @@ -98,4 +110,5 @@ variable "ram_resource_associations" {
description = "A map of RAM resource associations for the created rule group"
type = map(string)
default = {}
nullable = false
}
2 changes: 1 addition & 1 deletion modules/rule-group/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.1.0"

required_providers {
aws = {
Expand Down
2 changes: 1 addition & 1 deletion wrappers/firewall/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.1.0"

required_providers {
aws = {
Expand Down
2 changes: 1 addition & 1 deletion wrappers/policy/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.1.0"

required_providers {
aws = {
Expand Down
2 changes: 1 addition & 1 deletion wrappers/rule-group/versions.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.0"
required_version = ">= 1.1.0"

required_providers {
aws = {
Expand Down