From 7bb5a1577edc98d5a7a99adfdfc50e20bfcb54af Mon Sep 17 00:00:00 2001
From: natanelm
Date: Mon, 13 Jan 2025 13:46:47 +0000
Subject: [PATCH] GCP Terraform | Update target tags in firewall rules

---
 terraform/gcp/common/firewall-rule/main.tf | 3 +--
 terraform/gcp/common/firewall-rule/variables.tf | 5 +++++
 terraform/gcp/single/main.tf | 5 +++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/terraform/gcp/common/firewall-rule/main.tf b/terraform/gcp/common/firewall-rule/main.tf
index 9f440b4a..6442c12b 100755
--- a/terraform/gcp/common/firewall-rule/main.tf
+++ b/terraform/gcp/common/firewall-rule/main.tf
@@ -5,6 +5,5 @@ resource "google_compute_firewall" "firewall_rules" {
 protocol = var.protocol
 }
 source_ranges = var.source_ranges
- target_tags = [
- "checkpoint-gateway"]
+ target_tags = var.target_tags
 }
\ No newline at end of file
diff --git a/terraform/gcp/common/firewall-rule/variables.tf b/terraform/gcp/common/firewall-rule/variables.tf
index 39ac095b..e870b388 100755
--- a/terraform/gcp/common/firewall-rule/variables.tf
+++ b/terraform/gcp/common/firewall-rule/variables.tf
@@ -14,4 +14,9 @@ variable "rule_name" {
 variable "network" {
 type = list(string)
 description = "The name or self_link of the network to attach this firewall to."
+}
+variable "target_tags" {
+ description = "List of target tags for the firewall rule"
+ type = list(string)
+ default = ["checkpoint-gateway"]
 }
\ No newline at end of file
diff --git a/terraform/gcp/single/main.tf b/terraform/gcp/single/main.tf
index 6cd02e5b..ecb5c3de 100644
--- a/terraform/gcp/single/main.tf
+++ b/terraform/gcp/single/main.tf
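Review bot: The new `variable "target_tags"` block in variables.tf accepts any list, including `[]`, and the main.tf hunk above passes `var.target_tags` straight into `google_compute_firewall`; a GCP firewall rule with no target tags (and no target service accounts) applies to every instance in the network, so a caller that passes an empty list silently widens the rule from the gateway to the whole VPC, assuming the provider drops an empty set as unset. Add a `validation` block to the variable with `condition = length(var.target_tags) > 0` and an `error_message` such as `"target_tags must contain at least one tag."`, so the broadening is rejected at plan time rather than discovered in the console (this needs a Terraform version that supports `validation` blocks, which the required version, not shown here, should be checked against). The description could also state that the default `["checkpoint-gateway"]` preserves the previous hard-coded behaviour for existing callers.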
@@ -36,6 +36,7 @@ module "network_ICMP_firewall_rules" {
 source_ranges = var.ICMP_traffic
 rule_name = "${var.prefix}-${replace(replace(replace(lower(var.installation_type), "(", ""), ")", ""), " ", "-")}-icmp-${random_string.random_string.result}"
 network = local.create_network_condition ? module.network_and_subnet.new_created_network_link : module.network_and_subnet.existing_network_link
+ target_tags = var.installation_type == "Gateway only" ? ["checkpoint-gateway"] : ["checkpoint-management"]
 }
 module "network_TCP_firewall_rules" {
 count = local.TCP_traffic_condition
@@ -44,6 +45,7 @@ module "network_TCP_firewall_rules" {
 source_ranges = var.TCP_traffic
 rule_name = "${var.prefix}-${replace(replace(replace(lower(var.installation_type), "(", ""), ")", ""), " ", "-")}-tcp-${random_string.random_string.result}"
 network = local.create_network_condition ? module.network_and_subnet.new_created_network_link : module.network_and_subnet.existing_network_link
+ target_tags = var.installation_type == "Gateway only" ? ["checkpoint-gateway"] : ["checkpoint-management"]
 }
 module "network_UDP_firewall_rules" {
 count = local.UDP_traffic_condition
@@ -52,6 +54,7 @@ module "network_UDP_firewall_rules" {
 source_ranges = var.UDP_traffic
 rule_name = "${var.prefix}-${replace(replace(replace(lower(var.installation_type), "(", ""), ")", ""), " ", "-")}-udp-${random_string.random_string.result}"
 network = local.create_network_condition ? module.network_and_subnet.new_created_network_link : module.network_and_subnet.existing_network_link
+ target_tags = var.installation_type == "Gateway only" ? ["checkpoint-gateway"] : ["checkpoint-management"]
 }
 module "network_SCTP_firewall_rules" {
 count = local.SCTP_traffic_condition
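Review bot: The `target_tags` line added to `network_ICMP_firewall_rules` is repeated verbatim in the TCP and UDP hunks on this line and in the SCTP and ESP hunks that follow, so the `"Gateway only"` literal and both tag names are now maintained in five places. Move the expression into the file's existing `locals` block (the one `local.create_network_condition` refers to, not shown in this hunk) as `firewall_target_tags = var.installation_type == "Gateway only" ? ["checkpoint-gateway"] : ["checkpoint-management"]` and set `target_tags = local.firewall_target_tags` in each module. Note that the comparison is exact and case-sensitive: every `installation_type` value other than `"Gateway only"` now gets `checkpoint-management`, whereas before this change all five rules targeted `checkpoint-gateway`; if the variable accepts more than two values (not visible here), the condition should be reviewed so a third type does not silently receive management-only rules. The rule only takes effect on instances whose `tags` include the chosen value, which is set elsewhere in this file and should be checked against both tag names.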
@@ -60,6 +63,7 @@ module "network_SCTP_firewall_rules" {
 source_ranges = var.SCTP_traffic
 rule_name = "${var.prefix}-${replace(replace(replace(lower(var.installation_type), "(", ""), ")", ""), " ", "-")}-sctp-${random_string.random_string.result}"
 network = local.create_network_condition ? module.network_and_subnet.new_created_network_link : module.network_and_subnet.existing_network_link
+ target_tags = var.installation_type == "Gateway only" ? ["checkpoint-gateway"] : ["checkpoint-management"]
 }
 module "network_ESP_firewall_rules" {
 count = local.ESP_traffic_condition
@@ -68,6 +72,7 @@ module "network_ESP_firewall_rules" {
 source_ranges = var.ESP_traffic
 rule_name = "${var.prefix}-${replace(replace(replace(lower(var.installation_type), "(", ""), ")", ""), " ", "-")}-esp-${random_string.random_string.result}"
 network = local.create_network_condition ? module.network_and_subnet.new_created_network_link : module.network_and_subnet.existing_network_link
+ target_tags = var.installation_type == "Gateway only" ? ["checkpoint-gateway"] : ["checkpoint-management"]
 }
 module "internal_network1_and_subnet" {