Add option to enable/disable automatic creation of firewall rule for health checks

[namcxn]

TL;DR

I'm using a shared VPC, so firewall rules are created on the host project. I already have a dedicated rule that allows health checks. Therefore, I would like to have an option to enable/disable the creation of firewall rules for health checks.

Terraform Resources

resource "google_compute_firewall" "default-hc" {
  count   = var.enable_firewall ? length(var.firewall_networks) : 0
  project = length(var.firewall_networks) == 1 && var.firewall_projects[0] == "default" ? var.project : var.firewall_projects[count.index]
  name    = "${var.name}-hc-${count.index}"
  network = var.firewall_networks[count.index]
  source_ranges = [
    "130.211.0.0/22",
    "35.191.0.0/16"
  ]
  target_tags             = length(var.target_tags) > 0 ? var.target_tags : null
  target_service_accounts = length(var.target_service_accounts) > 0 ? var.target_service_accounts : null

  dynamic "allow" {
    for_each = local.health_checked_backends
    content {
      protocol = "tcp"
      ports    = [allow.value["health_check"].port]
    }
  }
}

Detailed design

Additional information

No response

[bdashrad]

I had the same problem. If you set firewall_networks = [] then the module won't create the rules for you because of the count here: https://github.com/terraform-google-modules/terraform-google-lb-http/blob/main/main.tf#L436