feat: support can_ip_forward (#184)

galenwarren · web-flow · commit a7705b015e81 · 2024-04-05T13:13:56.000-07:00
diff --git a/README.md b/README.md
@@ -72,6 +72,7 @@ If the user does not share the same domain as the org the bastion is in, you wil
 | access\_config | Access configs for network, nat\_ip and DNS | <pre>list(object({<br>    network_tier           = string<br>    nat_ip                 = string<br>    public_ptr_domain_name = string<br>  }))</pre> | <pre>[<br>  {<br>    "nat_ip": "",<br>    "network_tier": "PREMIUM",<br>    "public_ptr_domain_name": ""<br>  }<br>]</pre> | no |
 | additional\_networks | Additional network interface details for the instance template, if any. | <pre>list(object({<br>    network            = string<br>    subnetwork         = string<br>    subnetwork_project = string<br>    network_ip         = string<br>    nic_type           = string<br>    stack_type         = string<br>    queue_count        = number<br>    access_config = list(object({<br>      nat_ip       = string<br>      network_tier = string<br>    }))<br>    ipv6_access_config = list(object({<br>      network_tier = string<br>    }))<br>    alias_ip_range = list(object({<br>      ip_cidr_range         = string<br>      subnetwork_range_name = string<br>    }))<br>  }))</pre> | `[]` | no |
 | additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
+| can\_ip\_forward | Whether the bastion should allow IP forwarding. | `bool` | `false` | no |
 | create\_firewall\_rule | If we need to create the firewall rule or not. | `bool` | `true` | no |
 | create\_instance\_from\_template | Whether to create and instance from the template or not. If false, no instance is created, but the instance template is created and usable by a MIG | `bool` | `true` | no |
 | disk\_labels | Key-value map of labels to assign to the bastion host disk | `map(any)` | `{}` | no |
diff --git a/main.tf b/main.tf
@@ -67,6 +67,7 @@ module "instance_template" {
   source_image_project = var.image_project
   startup_script       = var.startup_script
   preemptible          = var.preemptible
+  can_ip_forward       = var.can_ip_forward ? "true" : "false"
 
   tags   = var.tags
   labels = var.labels
diff --git a/variables.tf b/variables.tf
@@ -276,3 +276,9 @@ variable "additional_networks" {
   }))
 }
 
+variable "can_ip_forward" {
+  type        = bool
+  description = "Whether the bastion should allow IP forwarding."
+  default     = false
+}
+

Original file line number	Diff line number	Diff line change
`@@ -276,3 +276,9 @@ variable "additional_networks" {`
`276`	`276`	`}))`
`277`	`277`	`}`
`278`	`278`
	`279`	`+variable "can_ip_forward" {`
	`280`	`+ type = bool`
	`281`	`+ description = "Whether the bastion should allow IP forwarding."`
	`282`	`+ default = false`
	`283`	`+}`
	`284`	`+`