From e007ab941a21d5fd5ca3a67fc792f91ac1e38ede Mon Sep 17 00:00:00 2001
From: Jean Morais <jeancdemorais@gmail.com>
Date: Tue, 28 May 2024 17:11:07 -0300
Subject: [PATCH] feat: add rules support

---
 README.md    |  1 +
 main.tf      | 13 +++++++++++++
 variables.tf | 14 ++++++++++++++
 3 files changed, 28 insertions(+)

diff --git a/README.md b/README.md
index a41c3c0..c106d22 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ Then perform the following commands on the root folder:
 | router | The name of the router in which this NAT will be configured. Changing this forces a new NAT to be created. | `string` | n/a | yes |
 | router\_asn | Router ASN, only if router is not passed in and is created by the module. | `string` | `"64514"` | no |
 | router\_keepalive\_interval | Router keepalive\_interval, only if router is not passed in and is created by the module. | `string` | `"20"` | no |
+| rules | Specifies one or more rules associated with this NAT. | <pre>list(object({<br>    description = string<br>    match       = string<br>    rule_number = number<br>    action = object({<br>      source_nat_active_ips = list(string)<br>      source_nat_drain_ips  = list(string)<br>    })<br>  }))</pre> | `[]` | no |
 | source\_subnetwork\_ip\_ranges\_to\_nat | Defaults to ALL\_SUBNETWORKS\_ALL\_IP\_RANGES. How NAT should be configured per Subnetwork. Valid values include: ALL\_SUBNETWORKS\_ALL\_IP\_RANGES, ALL\_SUBNETWORKS\_ALL\_PRIMARY\_IP\_RANGES, LIST\_OF\_SUBNETWORKS. Changing this forces a new NAT to be created. | `string` | `"ALL_SUBNETWORKS_ALL_IP_RANGES"` | no |
 | subnetworks | Specifies one or more subnetwork NAT configurations | <pre>list(object({<br>    name                     = string,<br>    source_ip_ranges_to_nat  = list(string)<br>    secondary_ip_range_names = list(string)<br>  }))</pre> | `[]` | no |
 | tcp\_established\_idle\_timeout\_sec | Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. Changing this forces a new NAT to be created. | `string` | `"1200"` | no |
diff --git a/main.tf b/main.tf
index b44f6b9..bd9e53d 100644
--- a/main.tf
+++ b/main.tf
@@ -86,4 +86,17 @@ resource "google_compute_router_nat" "main" {
       filter = log_config.value.filter
     }
   }
+
+  dynamic "rules" {
+    for_each = var.rules
+    content {
+      rule_number = rules.value.rule_number
+      description = rules.value.description
+      match       = rules.value.match
+      action {
+        source_nat_active_ips = rules.value.action.source_nat_active_ips
+        source_nat_drain_ips  = rules.value.action.source_nat_drain_ips
+      }
+    }
+  }
 }
diff --git a/variables.tf b/variables.tf
index faa47d4..3b81c3b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -145,3 +145,17 @@ variable "enable_endpoint_independent_mapping" {
   description = "Specifies if endpoint independent mapping is enabled."
   default     = false
 }
+
+variable "rules" {
+  description = "Specifies one or more rules associated with this NAT."
+  type = list(object({
+    description = string
+    match       = string
+    rule_number = number
+    action = object({
+      source_nat_active_ips = list(string)
+      source_nat_drain_ips  = list(string)
+    })
+  }))
+  default = []
+}